About Me
Oracle Cloud Infrastructure 2021 Certified Architect Professional
1 Oracle Cloud Infrastructure (OCI) Architecture
1-1 OCI Overview
1-1 1 OCI Core Services
1-1 2 OCI Regions and Availability Domains
1-1 3 OCI Tenancy Structure
1-1 4 OCI Identity and Access Management (IAM)
1-1 5 OCI Networking
1-1 6 OCI Compute Services
1-1 7 OCI Storage Services
1-1 8 OCI Database Services
1-1 9 OCI Security Services
1-1 10 OCI Monitoring and Management
1-2 OCI Architecture Best Practices
1-2 1 Designing for High Availability
1-2 2 Designing for Disaster Recovery
1-2 3 Designing for Scalability
1-2 4 Designing for Security
1-2 5 Designing for Cost Optimization
1-2 6 Designing for Compliance
1-3 OCI Architecture Patterns
1-3 1 Multi-Tier Application Architecture
1-3 2 Microservices Architecture
1-3 3 Serverless Architecture
1-3 4 Hybrid Cloud Architecture
1-3 5 Data Lake Architecture
1-3 6 Big Data Architecture
1-3 7 Machine Learning Architecture
2 OCI Identity and Access Management (IAM)
2-1 IAM Overview
2-1 1 IAM Components
2-1 2 IAM Policies
2-1 3 IAM Groups and Users
2-1 4 IAM Dynamic Groups
2-1 5 IAM Federation
2-1 6 IAM Authentication and Authorization
2-2 IAM Best Practices
2-2 1 Least Privilege Principle
2-2 2 Role-Based Access Control (RBAC)
2-2 3 Multi-Factor Authentication (MFA)
2-2 4 IAM Policy Management
2-2 5 IAM Monitoring and Auditing
3 OCI Networking
3-1 Networking Overview
3-1 1 Virtual Cloud Networks (VCNs)
3-1 2 Subnets
3-1 3 Route Tables
3-1 4 Security Lists
3-1 5 Network Security Groups (NSGs)
3-1 6 Internet Gateways
3-1 7 NAT Gateways
3-1 8 Service Gateways
3-1 9 Dynamic Routing Gateways (DRGs)
3-1 10 FastConnect
3-1 11 Load Balancers
3-2 Networking Best Practices
3-2 1 Designing for Network Segmentation
3-2 2 Designing for Network Security
3-2 3 Designing for Network Performance
3-2 4 Designing for Network Scalability
3-2 5 Designing for Network Resilience
4 OCI Compute Services
4-1 Compute Services Overview
4-1 1 Compute Instances
4-1 2 Instance Pools
4-1 3 Autoscaling
4-1 4 Dedicated Virtual Machines (VMs)
4-1 5 Bare Metal Instances
4-1 6 Oracle Container Engine for Kubernetes (OKE)
4-1 7 Oracle Functions
4-1 8 Oracle Cloud Shell
4-2 Compute Services Best Practices
4-2 1 Designing for Compute Scalability
4-2 2 Designing for Compute Security
4-2 3 Designing for Compute Cost Optimization
4-2 4 Designing for Compute Resilience
4-2 5 Designing for Compute Performance
5 OCI Storage Services
5-1 Storage Services Overview
5-1 1 Block Volume
5-1 2 Object Storage
5-1 3 File Storage
5-1 4 Archive Storage
5-1 5 Data Transfer
5-1 6 Storage Gateway
5-2 Storage Services Best Practices
5-2 1 Designing for Storage Scalability
5-2 2 Designing for Storage Security
5-2 3 Designing for Storage Cost Optimization
5-2 4 Designing for Storage Resilience
5-2 5 Designing for Storage Performance
6 OCI Database Services
6-1 Database Services Overview
6-1 1 Autonomous Database
6-1 2 Oracle Database Cloud Service
6-1 3 MySQL Database Service
6-1 4 NoSQL Database
6-1 5 Exadata Cloud Service
6-2 Database Services Best Practices
6-2 1 Designing for Database Scalability
6-2 2 Designing for Database Security
6-2 3 Designing for Database Cost Optimization
6-2 4 Designing for Database Resilience
6-2 5 Designing for Database Performance
7 OCI Security Services
7-1 Security Services Overview
7-1 1 Key Management Service (KMS)
7-1 2 Vault
7-1 3 Web Application Firewall (WAF)
7-1 4 Cloud Guard
7-1 5 Vulnerability Scanning
7-1 6 Bastion Service
7-2 Security Services Best Practices
7-2 1 Designing for Data Encryption
7-2 2 Designing for Network Security
7-2 3 Designing for Identity and Access Management
7-2 4 Designing for Security Monitoring and Response
7-2 5 Designing for Compliance and Governance
8 OCI Monitoring and Management
8-1 Monitoring and Management Overview
8-1 1 Monitoring
8-1 2 Logging
8-1 3 Notifications
8-1 4 Events
8-1 5 Resource Manager
8-1 6 Service Connector Hub
8-1 7 Application Performance Monitoring (APM)
8-2 Monitoring and Management Best Practices
8-2 1 Designing for Monitoring and Alerting
8-2 2 Designing for Logging and Analytics
8-2 3 Designing for Automation and Orchestration
8-2 4 Designing for Performance Tuning
8-2 5 Designing for Cost Management
9 OCI Integration and API Management
9-1 Integration and API Management Overview
9-1 1 Oracle Integration Cloud (OIC)
9-1 2 API Gateway
9-1 3 API Management
9-1 4 Streaming
9-1 5 Notifications
9-2 Integration and API Management Best Practices
9-2 1 Designing for Integration Scalability
9-2 2 Designing for API Security
9-2 3 Designing for API Performance
9-2 4 Designing for API Governance
9-2 5 Designing for Event-Driven Architecture
10 OCI DevOps and Continuous Delivery
10-1 DevOps and Continuous Delivery Overview
10-1 1 Oracle Cloud DevOps
10-1 2 Oracle Cloud Build
10-1 3 Oracle Cloud Deploy
10-1 4 Oracle Cloud Pipelines
10-1 5 Oracle Cloud Artifacts
10-1 6 Oracle Cloud Code Repository
10-2 DevOps and Continuous Delivery Best Practices
10-2 1 Designing for Continuous Integration
10-2 2 Designing for Continuous Delivery
10-2 3 Designing for Infrastructure as Code (IaC)
10-2 4 Designing for Automated Testing
10-2 5 Designing for Release Management
11 OCI Governance and Compliance
11-1 Governance and Compliance Overview
11-1 1 Oracle Cloud Governance
11-1 2 Oracle Cloud Compliance
11-1 3 Oracle Cloud Policies
11-1 4 Oracle Cloud Tagging
11-1 5 Oracle Cloud Cost Management
11-2 Governance and Compliance Best Practices
11-2 1 Designing for Policy Enforcement
11-2 2 Designing for Resource Tagging
11-2 3 Designing for Cost Tracking
11-2 4 Designing for Audit and Compliance
11-2 5 Designing for Governance Automation
12 OCI Advanced Topics
12-1 Advanced Topics Overview
12-1 1 Oracle Cloud Native Services
12-1 2 Oracle Cloud AI and Machine Learning
12-1 3 Oracle Cloud Blockchain
12-1 4 Oracle Cloud IoT
12-1 5 Oracle Cloud Analytics
12-2 Advanced Topics Best Practices
12-2 1 Designing for Cloud Native Applications
12-2 2 Designing for AI and Machine Learning
12-2 3 Designing for Blockchain
12-2 4 Designing for IoT
12-2 5 Designing for Analytics
3-1-4 Security Lists Explained

3-1-4 Security Lists Explained

Key Concepts

Security Lists

Security Lists in Oracle Cloud Infrastructure (OCI) are virtual firewalls for controlling traffic at the subnet level. They contain a set of ingress and egress rules that define what types of traffic are allowed to enter or leave the subnet. Each subnet in a Virtual Cloud Network (VCN) can be associated with one or more security lists.

Example: Think of a security list as a bouncer at a nightclub. The bouncer checks the guest list (ingress rules) to allow or deny entry and also monitors the exit (egress rules) to ensure no unauthorized people leave.

Ingress Rules

Ingress rules in a security list control incoming traffic to the resources within a subnet. Each ingress rule specifies the source of the traffic, the protocol, and the port range. By configuring ingress rules, you can allow or deny specific types of traffic from entering your subnet.

Example: If you want to allow only SSH traffic (port 22) from a specific IP address to access your compute instances, you would create an ingress rule that allows TCP traffic on port 22 from that IP address.

Egress Rules

Egress rules in a security list control outgoing traffic from the resources within a subnet. Each egress rule specifies the destination of the traffic, the protocol, and the port range. By configuring egress rules, you can allow or deny specific types of traffic from leaving your subnet.

Example: If you want to allow your compute instances to access a specific external database, you would create an egress rule that allows TCP traffic on the database's port (e.g., port 1521) to the database's IP address.

Default Security Lists

When you create a VCN, OCI automatically creates a default security list for each subnet. The default security list allows all traffic within the VCN and denies all traffic from outside the VCN. This provides a basic level of security but may not be sufficient for all use cases.

Example: The default security list is like a basic security system that allows family members (resources within the VCN) to move freely but locks the door to strangers (external traffic).

Custom Security Lists

Custom security lists allow you to define more granular rules for controlling traffic. You can create multiple custom security lists and associate them with different subnets to meet your specific security requirements. Custom security lists provide flexibility and control over network traffic.

Example: If you have a sensitive department (subnet) that requires stricter access controls, you can create a custom security list with specific ingress and egress rules to ensure only authorized traffic is allowed.

By understanding and implementing Security Lists, you can effectively control and secure the traffic within your Oracle Cloud Infrastructure environment, ensuring that your resources are protected according to your security policies.

© 2024 Ahmed Baheeg Khorshid. All rights reserved.