Network Security Guidelines

Secure network access to your resources in Compute Cloud@Customer.

For comprehensive information about network security, see Securing Networking: VCN, Load Balancers, and DNS.

Use VCN Security Features

Use security lists, network security groups, or a combination of both to control packet-level traffic in and out of the resources in your VCN. See Configuring VCN Rules and Options.
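The following model, added here as an illustration and not Oracle's implementation, shows how security-list and NSG rules combine on one VNIC and why the stateful/stateless distinction matters for reply traffic; the rules, addresses and ports are constructed for the example.

```python
# Added illustration of VCN security-rule semantics (a model, not Oracle's code):
# a packet passes if any rule from the subnet's security lists or the VNIC's NSGs
# matches; a stateful match also admits the reply traffic, a stateless one does not.
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Rule: direction is "INGRESS"/"EGRESS"; cidr is the source (ingress) or destination
# (egress) CIDR; dst_port None matches any port; stateless=False means stateful.
# Packet: remote_ip is the peer; local_port/remote_port are the two flow endpoints.
Rule = namedtuple("Rule", "direction cidr protocol dst_port stateless", defaults=(None, False))
Packet = namedtuple("Packet", "direction remote_ip protocol local_port remote_port")

class VnicFirewall:
    """Union of every security-list and NSG rule that applies to one VNIC."""
    def __init__(self, security_lists, nsgs):
        self.rules = [r for group in security_lists + nsgs for r in group]
        self.flows = set()   # flows admitted by a stateful rule (direction-independent key)

    @staticmethod
    def _flow(pkt):
        return (pkt.remote_ip, pkt.protocol, pkt.local_port, pkt.remote_port)

    def _matches(self, rule, pkt):
        dst_port = pkt.local_port if pkt.direction == "INGRESS" else pkt.remote_port
        return (rule.direction == pkt.direction
                and ip_address(pkt.remote_ip) in ip_network(rule.cidr)
                and rule.protocol in ("all", pkt.protocol)
                and rule.dst_port in (None, dst_port))

    def allow(self, pkt):
        if self._flow(pkt) in self.flows:   # reply to a flow a stateful rule admitted
            return True
        for rule in self.rules:
            if self._matches(rule, pkt):
                if not rule.stateless:
                    self.flows.add(self._flow(pkt))
                return True
        return False   # no matching rule: default deny

def demo():
    """Constructed case: HTTPS via a stateful security-list rule, SSH via a stateless NSG rule."""
    sl = [Rule("INGRESS", "10.0.0.0/24", "tcp", 443)]
    nsg = [Rule("INGRESS", "10.0.0.0/24", "tcp", 22, stateless=True)]
    fw = VnicFirewall([sl], [nsg])
    def request_and_reply(port, remote_port):
        req = Packet("INGRESS", "10.0.0.5", "tcp", port, remote_port)
        rep = Packet("EGRESS", "10.0.0.5", "tcp", port, remote_port)
        return fw.allow(req), fw.allow(rep)
    return {"https": request_and_reply(443, 50000),     # (True, True)
            "ssh": request_and_reply(22, 50001),        # (True, False): reply needs an egress rule
            "stray": fw.allow(Packet("INGRESS", "192.0.2.9", "tcp", 443, 1234))}  # False
```

The stateless SSH reply is dropped because no egress rule covers it, which is the usual cause of "rule exists but nothing connects" when stateless rules are chosen.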

When you create a subnet in a VCN, by default the subnet is considered public and internet communication is permitted. Use private subnets to host resources that don't require internet access. You can also configure a service gateway in your VCN to allow resources on a private subnet to access other cloud services. See Service Gateways.

Compute Cloud@Customer has a collection of features for enforcing network access control and securing VCN traffic. These features are listed in the following table:

VCN Feature: VCNs and Subnets
Security Description: A VCN can be partitioned into subnets. Instances inside private subnets can't have public IP addresses. Instances inside public subnets can optionally have public IP addresses at your discretion. See Managing VCNs and Subnets.

VCN Feature: Security Rules
Security Description: Security rules provide stateful and stateless firewall capability to control network access to your instances. To implement security rules in your VCN, you can use Network Security Groups or Security Lists. For more information, see:

VCN Feature: Gateways
Security Description: Gateways let resources in a VCN communicate with destinations outside the VCN. The gateways include:

VCN Feature: VCN Route Tables
Security Description: Route tables control how traffic is routed from your VCN subnets to destinations outside the VCN. Routing targets can be VCN gateways or a private IP address in the VCN. See Working with Route Tables.

VCN Feature: IAM Policies for Networking
Security Description: IAM policies specify the access and actions permitted to IAM groups on resources in a VCN. For example, IAM policies can give administrative privileges to network administrators who manage the VCNs, and scoped-down permissions to normal users.

Attention: For Compute Cloud@Customer, IAM resources are managed within OCI and synchronized to Compute Cloud@Customer. IAM resources can't be managed on the Compute Cloud@Customer infrastructure.

See IAM Policies for Networking.