OCI-Database-DB-Network-Security-Groups-Enabled

Severity : High

Description: This control ensures that the OCI databases are associated with security zones. Enabling network security zones on database systems allow for fine grain control over network access to the database, ensuring databases are only accessible from trusted entities and following security best practices.  Security zone have sets of security policies called a security recipe which provides the highest level of protection for your Database resources.

Remediation Steps:

Perform following to create auto scaling configuration :

1. Login to the OCI console at Cloud Sign In.

2. Create Security Zone with DB security policy

   1. In navigation menu click  Identity & Security.

   2. Under Security Zones, click Overview.

   3. Click Create Security Zone.

   4. Enter a name and description for the security zone. Oracle Cloud creates a compartment  with the same name and assigns it to this security zone.

   5. For Create in Compartment, navigate to the compartment that you want to create the new compartment in.

   6. Click Create Security Zone.

3. Move database resources to new compartment with new security group

   1. In navigation menu click Oracle Database.

   2. Depending on your workload click one of: Autonomous Data Warehouse, Autonomous JSON Database, or Autonomous Transaction Processing.

   3. Choose your Compartment.

   4. Select an Autonomous Database instance from the list in your compartment.

   5. On the Details page, from the More Actions drop-down list, select Move Resource.

   6. In the Move Resource to a Different Compartment page, select the new compartment.

   7. Click Move Resource.

Important:

Reference:

• https://docs.oracle.com/en-us/iaas/security-zone/using/managing-security-zones.htm

• https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/autonomous-move.html#GUID-D3E6A489-D125-4339-9D23-BAE52DFE512E