Exercise 12: Create Security Zone

In this exercise, you will create a Security Zone in Oracle Cloud Infrastructure (OCI) to enforce security policies and explore the restrictions applied to resources created within the zone.

Objectives

  • Set up a Security Zone in OCI.
  • Test the Security Zone by creating an Object Storage bucket to observe enforced limitations.

Environment

Perform this exercise within the following environment:

  • Compartment: OCI-SEC-WS-LAB-nn
  • Region: Germany Central (Frankfurt)
  • OCI Console URL: OCI Console Frankfurt - Login
  • OCI User: lab-oci-sec-wsNN
  • OCI Password: provided by trainer

Ensure you are in the correct compartment and region. New resources, such as Cloud Shell configurations and ADB access settings, should be created within your designated compartment.

Solution

Log in as user XYZ in the OCI console and go to Security & Identity -> Security Zones. Ensure you have selected the proper compartment from the dropdown list on the left side.

Create Security Zone

Identity & Security -> Security Zones

In the dashboard, click Create Security Zone.

Name the resource in the style security-zone-, for example security-zone-mbg-oci-sec-ws-lab-00. Add a description and click **Create Security Zone**.

Verify the newly associated compartment.

In Security Zones -> Recipes, verify that the Maximum Security Recipe was attached automatically.

Create an Object Storage bucket

Ensure you have selected the proper compartment from the dropdown list on the left side, then create a new Object Storage bucket. Verify the error.

Change the bucket's encryption to use the Customer Managed Key from exercise 01, for example my key called mek-mbg-oci-sec-ws-lab-00.

Try to change the visibility of the newly created bucket to public. Verify the error message.

Delete Security Zone

In Security & Identity -> Security Zones, select your security zone and delete it.

Create a Public Object Storage

In the Object Storage menu, change the visibility of the created Object Storage bucket to PUBLIC. Verify the visibility: a yellow triangle appears.

Create Security Zone again

We repeat step 1 and create the security zone again in our compartment. Verify the Violations after successful creation. Is the public bucket detected? If not, grab a coffee and come back in a few minutes.
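
The two restrictions seen in this exercise (a bucket without a customer-managed key is rejected, and a bucket cannot be made public) can be checked against existing buckets before a zone is created, which predicts what will show up under Violations. The following is an added example, not part of the original exercise; it assumes bucket records shaped like the "data" object printed by `oci os bucket get`, and the sample buckets, key OCID and violation labels are constructed.

```python
import json

# Constructed sample, shaped like the "data" object printed by `oci os bucket get`.
# Bucket names and the key OCID are placeholders, not values from the lab.
SAMPLE_BUCKETS = json.loads("""
[
  {"name": "bucket-default", "public-access-type": "NoPublicAccess", "kms-key-id": null},
  {"name": "bucket-cmk",     "public-access-type": "NoPublicAccess",
   "kms-key-id": "ocid1.key.oc1..EXAMPLE"},
  {"name": "bucket-public",  "public-access-type": "ObjectRead",
   "kms-key-id": "ocid1.key.oc1..EXAMPLE"}
]
""")

# Labels chosen for this example; they are not OCI policy identifiers.
PUBLIC = "public-visibility"
NO_CMK = "no-customer-managed-key"


def bucket_violations(bucket: dict) -> list[str]:
    """Return the zone restrictions from this exercise that a bucket breaks."""
    found = []
    # Fail closed: anything other than NoPublicAccess (or a missing field) counts as public.
    if bucket.get("public-access-type") != "NoPublicAccess":
        found.append(PUBLIC)
    # A missing or empty kms-key-id means the bucket is not using a customer-managed key.
    if not bucket.get("kms-key-id"):
        found.append(NO_CMK)
    return found


def audit(buckets: list[dict]) -> dict[str, list[str]]:
    """Map bucket name -> violations, listing only buckets that have at least one."""
    report = {}
    for bucket in buckets:
        violations = bucket_violations(bucket)
        if violations:
            report[bucket["name"]] = violations
    return report


if __name__ == "__main__":
    for name, violations in audit(SAMPLE_BUCKETS).items():
        print(f"{name}: {', '.join(violations)}")
```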

Summary

In this exercise, you:

  • Created a Security Zone to enforce OCI security policies.
  • Attempted to create an Object Storage bucket within the Security Zone, observing any restrictions and limitations.

You are now ready to continue with the next exercise, where you will configure and test the Web Application Firewall (WAF) for enhanced application security.