Many times when you work for someone, they already have their own vulnerability scanning throughout the organization. What usually happens is that onboarding to that tooling might take time, that’s why I initially started to look on OCI Vulnerability Scanning Service – to have something scanning your servers or images from day 1! Or could…
OCI Network Firewall – Real World problems
I recently hit an issue with OCI Network Firewall that we had configured with NAT GW (see previous posts on it). We expected only to use it for egress traffic from OCI to public internet from our private compute VMs but a new requirement came which required to access some privately exposed services on OCI,…
Installing OCI Network Firewall – Allowing traffic via policies
Now that we have designed and installed our OCI Network Firewall we’re ready to allow some traffic through the firewall. What you’ll end up doing is to modifying policies which are applied to the firewall. How it works is that there’s always a single policy attached to the firewall, if you need to update the…
Installing OCI Network Firewall – Provisioning and Configuration
Now we’re going to follow the initial design I laid out here. We already have networking provisioned, so next step will be to use OCI Console and provision our OCI Network Firewall. Once we’ve provisioned it, I’ll see what happens with traffic when it hits the firewall. Final post of this series will be then…
Installing OCI Network Firewall – Design
One of the cool things Oracle has brought to OCI is managed network firewall service which is based on Palo Alto. Before OCI Network Firewall I saw constant requirement to provision self-managed firewall such as Palo Alto, Fortinet, Check Point etc. This is still a requirement as OCI Network Firewall might not provide all the…
OCI Tips and Tricks: Three ways to login to your Compute VM
New video! This time I’m showing how to login to your OCI Compute VM in three different ways: Public Compute Bastion Service Cloud Shell Hope you like the video – leave a feedback in the comments of the video if you think I should have covered something else as well. I forgot to mention that…
I’m back! Something new.. and more blog posts!
I attended Oracle Cloud World last week, and was positively surprised how much fun I had there! I really appreciate the folks who came and said they like reading my blog, I’ve been telling folks I haven’t had much motivation to create new content lately, but that actually made my motivation to go higher! Due…
Go Bastion(less!) on OCI
Update May 31st, 2021 – Seems like there was documentation bug so I’ve updated part about Agents. They are disabled by default so you need to enable them always if you want to use Bastion Service Managed session. I’ve always had slight dislike on requiring Bastion (Jump) server on any cloud which is self-managed. Sure,…
Get notified on unwanted network changes with OCI Cloud Guard
Oracle introduced Cloud Guard some time ago to OCI, in this post I’ll take a brief look what Cloud Guard is and how you can get notified on unwanted changes in your tenancy. As an example, I have a public VCN which is required for my project. I might have several admins managing the VCN…
Security in Oracle Cloud Infrastructure and why you should care less about it
I recently attended Accenture’s Oracle leadership council and was asked to speak about Oracle Cloud Infrastructure security. I’ve said that I’m definitely not an expert on security and that’s why the subject was actually a cool one to speak about! If you’ve used any of the major cloud providers (Azure, AWS, GCP) you know the…