
Best Practices from Oracle Development's A‑Team

Identity is the new perimeter BUT, you still need a firewall!

Kiran Thakkar
Consulting Solutions Architect

Identity is the new perimeter. Sounds familiar?

In a traditional on-prem world, all workloads had one thing in common: they were all part of a large private network. You could shield that common attack vector (the network) with strong security policies using both a Web Application Firewall (WAF) and a network firewall. As workloads moved to the cloud, they moved to many different cloud providers, some SaaS and some IaaS/PaaS. In such a distributed world, the network is no longer shared and is no longer the common factor. Identity is the one common factor, and you can use it to apply uniform security policies across various applications. From that perspective, yes, identity is the new perimeter; however, you still have to protect the workload using a WAF and a network firewall.

We at Oracle have always believed in defense in depth. When you run a workload on Oracle Cloud, you get the best of both worlds. You can and must implement traditional firewall-based security using a WAF (Web Application Firewall) and a network firewall, and also leverage Oracle Cloud IAM to secure the workload by controlling who can access it and when.

Today, I want to focus on how to best use WAF policies and the network firewall on OCI to secure the workload. Let's start with the network firewall.

Network firewall

A network firewall is implemented by using Virtual Cloud Network (VCN) security lists. Customers can specify a set of firewall rules and associate them with one or more subnets. Associating a security list with a subnet applies those firewall rules to all instances running inside the subnet, at the packet level. There are two types of firewall rules:
