Showing posts with label Cloud Security. Show all posts

Thursday, April 9, 2026

How to Set Up Vulnerability Scanning Service in OCI (Step-by-Step Guide)

 

Introduction

Securing your cloud infrastructure is critical, and Oracle Cloud Infrastructure (OCI) provides a built-in Vulnerability Scanning Service (VSS) to detect security risks in your compute instances. In this guide, we’ll walk through the complete setup—from scan recipes to remediation.


Prerequisites

  • A running OCI compute instance
  • Proper access to OCI Console
  • Required permissions to configure security services

Create scan recipes



Click on Create scan recipe










Go to the compute instance and enable the VSS agent



Create a target. In this example, I am taking a single compute instance.











Configure Cloud Guard and click on recipes












Change it to root





Click on the Detector Rules tab and make sure the below ones are enabled




From the home page, click on Configuration and then create new targets










Once the target is created, move to the scan reports






Click on vulnerability report




Go to Cloud Guard > Alerts > Problems



The next step would be to remediate the problems based upon the individual scenarios one by one.

Conclusion

OCI’s Vulnerability Scanning Service combined with Cloud Guard provides a powerful security layer. Regular scans and proactive remediation ensure your infrastructure remains secure and compliant.

Sunday, March 26, 2023

Whitelist the IP address for accessing the Compute Instance in OCI

In Oracle Cloud Infrastructure (OCI), a whitelist is a security feature that allows you to specify a list of IP addresses or CIDR blocks that are permitted to access your resources.

A whitelist IP in Oracle Cloud is a list of approved IP addresses that can access a particular OCI resource, such as an instance, database, or storage bucket. When a whitelist is configured, only requests originating from the approved IP addresses can access the resource. All other requests are rejected by the OCI network security policies.

To add a whitelist IP in Oracle Cloud, you need to provide the IP address or range of IP addresses that you want to allow access to your resource. You can add the IP addresses manually or import a list of IP addresses from a file. Once the whitelist is set up, you can manage it by adding, deleting, or modifying the IP addresses as required.

Using a whitelist can help improve the security of your OCI resources by reducing the attack surface and limiting access to authorized users or systems. 






I had an existing security list and rules were defined as publicly open to all (0.0.0.0/0). Anyone having the public IP address of the compute instance and the key should have access to the instance. Now, as part of this post, I want to restrict the access to only my machine. So, I am going to edit the existing rule and put my machine's IP address.






Now, if I try to log in to the Compute instance, it should allow me to log in.
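The same check can be run over a whole security list instead of by eye in the console. The following is an added example, not code from the original post: it assumes the ingress rules have been exported as JSON in the shape the OCI CLI prints for a security list (kebab-case keys), and the rule data and the admin address are constructed.

```python
import ipaddress

# Constructed sample: ingress rules in the shape assumed for OCI CLI output
SAMPLE_RULES = [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "203.0.113.10/32",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"protocol": "all", "source": "0.0.0.0/0", "tcp-options": None},
    {"protocol": "1", "source": "0.0.0.0/0", "icmp-options": {"type": 3, "code": 4}},
]

def covers_port(rule, port):
    """True if the rule admits TCP traffic to `port`."""
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != "6":            # 6 = TCP
        return False
    opts = rule.get("tcp-options")
    rng = opts.get("destination-port-range") if opts else None
    if rng is None:                        # no range means every TCP port
        return True
    return rng["min"] <= port <= rng["max"]

def open_to_world(rules, port=22, max_hosts=1):
    """Indexes of rules exposing `port` to more than `max_hosts` addresses."""
    flagged = []
    for i, rule in enumerate(rules):
        try:
            net = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:                 # e.g. a service label, not a CIDR
            continue
        if covers_port(rule, port) and net.num_addresses > max_hosts:
            flagged.append(i)
    return flagged

def restrict(rules, admin_ip, port=22):
    """Copy of `rules` with every flagged rule narrowed to admin_ip/32."""
    host = str(ipaddress.ip_network(admin_ip))   # "198.51.100.7" -> ".../32"
    bad = set(open_to_world(rules, port))
    return [dict(r, source=host) if i in bad else dict(r)
            for i, r in enumerate(rules)]
```

Note that the "all protocols" rule is flagged as well: it exposes SSH just as much as the explicit port 22 rule does.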




This post illustrates a very basic security posture which we should maintain, as we can spin up instances very easily on the cloud. The access should not be open to all. Try to restrict the access as much as possible.
That's all for this post. I hope it will help someone. Till then, enjoy learning cloud.


Tuesday, February 21, 2023

Access Control for WAF in OCI aka Oracle Cloud Infrastructure

In my last post, https://samappsdba.blogspot.com/2023/01/web-application-firewall-as-reverse-proxy-server-oci.html, we saw how to set up the WAF in OCI. In this post, we will see how to set up access control for WAF in OCI.

What are access controls? They describe the conditions for an access rule used with a WAF policy. As a WAF administrator, you can define explicit actions for requests that meet various conditions. Conditions use various operations. A rule action can be set to allow, check, or return an HTTP response for all matched requests.

In this post, I have tried to simulate a scenario wherein, if the requests are coming from Region India, it will not allow them.






Publish the changes. Now if I try to log in


In the log, I can see that it has been blocked




Now, for the same region, how to allow a single IP address?

The conditions will be:


Save the changes and publish them. Publishing the changes takes around 10 minutes.

There it is

 

I can access the site now
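Why the placement of the single-IP exception matters can be seen in a small model of ordered rule evaluation. This is an added example, not the post's configuration and not OCI's rule syntax: it assumes that an allow action skips the remaining rules, that check only logs, and that the default is to allow; the rule names, addresses and country codes are constructed.

```python
import ipaddress

def from_country(code):
    return lambda req: req["country"] == code

def from_ip(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["ip"]) in net

def evaluate(rules, req):
    """Walk the rules in order; return (verdict, names of matched rules)."""
    matched = []
    for name, condition, action in rules:
        if not condition(req):
            continue
        matched.append(name)
        if action == "ALLOW":                 # assumed: skips remaining rules
            return "ALLOW", matched
        if action == "RETURN_HTTP_RESPONSE":  # answered by the WAF itself
            return "BLOCK", matched
        # "CHECK" only records the match; evaluation continues
    return "ALLOW", matched                   # assumed default action

ALLOWED_IP = "203.0.113.25/32"                # constructed documentation address
ALLOW_FIRST = [
    ("allow-single-ip", from_ip(ALLOWED_IP), "ALLOW"),
    ("log-india", from_country("IN"), "CHECK"),
    ("block-india", from_country("IN"), "RETURN_HTTP_RESPONSE"),
]
# Same rules with the block placed ahead of the exception
BLOCK_FIRST = [ALLOW_FIRST[2], ALLOW_FIRST[0]]

# Constructed requests: the country code stands in for the WAF's geo lookup
ADMIN = {"ip": "203.0.113.25", "country": "IN"}
OTHER_IN = {"ip": "203.0.113.99", "country": "IN"}
ELSEWHERE = {"ip": "198.51.100.4", "country": "US"}
```

With `BLOCK_FIRST`, the exempted address is still blocked, because the region rule answers the request before the exception is ever evaluated.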




I hope this post will help someone. Till then keep learning cloud.






Monday, January 23, 2023

Web Application Firewall (WAF) as reverse proxy in Oracle Cloud (OCI)

 Oracle Cloud Infrastructure Web Application Firewall is a regional-based and edge enforcement service that is attached to an enforcement point, such as a load balancer or a web application domain name. WAF protects applications from malicious and unwanted internet traffic. WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications. In this post, WAF works as a reverse proxy between the client and your website server. The real IP addresses of your website server are hidden from the visitors, and only the IP addresses of WAF are visible to them. The IP address of the web server is already mapped with DNS mapping.




Create WAF Policy






WAF Origin is basically the host or IP address of the public internet-facing application that is being protected by the WAF.





This takes time. Once it is created successfully, you will get the below screen.




Now test your application. Reference: https://docs.oracle.com/en-us/iaas/Content/WAF/Concepts/gettingstarted.htm




Now, go to the OCI DNS Service and create a CNAME.






Publish the changes.


Next, modify the security lists of the webserver to receive the requests from WAF. At this moment, we would need the IPv4 address of the WAF. If you scroll above, when we tested the application, we had received one IPv4 address. If I check the IP address for WAF server, it gives me the CIDR value with reference 192.29.50.64 and thus I used 192.29.0.0/16.




In the browser now, test it




We can verify the logs from WAF




Response code is 200.

I hope this post will be helpful for someone. In the next post, we will see how we can use Access Control in WAF for OCI. Till then, happy learning cloud.


Reference: https://docs.oracle.com/en-us/iaas/Content/WAF/Concepts/overview.htm#:~:text=Oracle%20Cloud%20Infrastructure%20Web%20Application%20Firewall%20is%20a%20regional%2Dbased,malicious%20and%20unwanted%20internet%20traffic.