OCI-Networking-VCN-Multiple-Subnets
Severity: Medium
Description: This control ensures that a VCN in OCI is divided into multiple small IPv4 CIDR blocks rather than using a single large 64K-address block. A single network within a VCN increases the risk of a broad blast radius in the event of a compromise. Multiple subnets in each VCN provide an architecture that can take advantage of public and private tiers. Also, all instances in a subnet use the same route table and security lists, providing layered security and access control for each subnet.
Remediation Steps:
Perform the following to create subnets in the VCN:
Log in to the OCI console at Cloud Sign In.
In the navigation menu, click Networking and then click Virtual Cloud Networks.
Click the VCN reported.
Click Create Subnet.
In Create Subnet, select the compartment and enter a name for the subnet.
For Subnet Type, select Regional, since a regional subnet can be used in any availability domain (AD) in the region.
Enter the CIDR block and select the route table for the subnet.
Select Subnet Access as Private or Public to control access to the subnet.
Configure the DNS label, domain name and DHCP options.
Configure Security Lists.
Click Create. Repeat the above steps to add more than one subnet.
Important:
The size of a subnet can change after creation.
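The following is an added example (not part of the original control text or any Blue Hexagon tooling) that applies this control's logic offline: it flags a VCN that has a single subnet or any 64K-address (/16 or larger) block, and carves a VCN CIDR into equal-sized public and private tier subnets to use as input for the Create Subnet steps above. The VCN and subnet CIDRs in the sample are constructed values.

```python
import ipaddress

# Threshold from the control: a single block of 64K addresses is a /16.
BIG_BLOCK_ADDRESSES = 65536


def assess_vcn(vcn_cidr, subnet_cidrs):
    """Return (status, reasons) for one VCN: FAIL when it has only one subnet
    (or none) or when any subnet is a 64K-address block, otherwise PASS."""
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)
    subnets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    reasons = []
    if not subnets:
        reasons.append("VCN %s has no subnets" % vcn)
    elif len(subnets) == 1:
        reasons.append("single subnet %s gives no segmentation inside the VCN" % subnets[0])
    for s in subnets:
        if not s.subnet_of(vcn):
            reasons.append("%s lies outside VCN %s (inventory error)" % (s, vcn))
        if s.num_addresses >= BIG_BLOCK_ADDRESSES:
            reasons.append("%s is a %d-address block (>= 64K)" % (s, s.num_addresses))
    return ("FAIL" if reasons else "PASS", reasons)


def plan_tiers(vcn_cidr, new_prefix=24, public_count=2, private_count=2):
    """Split the VCN into /new_prefix subnets; the first public_count become the
    public tier, the next private_count the private tier. prohibit_public_ip
    mirrors the Private choice under Subnet Access (a hypothetical field name)."""
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)
    candidates = list(vcn.subnets(new_prefix=new_prefix))
    if len(candidates) < public_count + private_count:
        raise ValueError("VCN %s is too small for the requested tiers" % vcn)
    plan = []
    for i, net in enumerate(candidates[: public_count + private_count]):
        tier = "public" if i < public_count else "private"
        plan.append({"cidr": str(net), "tier": tier, "prohibit_public_ip": tier == "private"})
    return plan


if __name__ == "__main__":
    # Constructed inventory: one VCN using its whole /16 as a single subnet.
    print(assess_vcn("10.0.0.0/16", ["10.0.0.0/16"]))
    # Remediated layout: four /24 subnets across public and private tiers.
    for entry in plan_tiers("10.0.0.0/16"):
        print(entry)
    print(assess_vcn("10.0.0.0/16", [e["cidr"] for e in plan_tiers("10.0.0.0/16")]))
```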
Reference:
Blue Hexagon Proprietary