Summary
The reference architecture should be followed.
References
- Security Best Practices
- Deploy a secure landing zone that meets the CIS Foundations Benchmark for Oracle Cloud
CIS Landing Zone
The reference architecture is:
[Figure: CIS Landing Zone reference architecture diagram]
Network Security Groups
Network Security Groups (NSGs) should be used for the following reasons:
- More granular filtering and control when compared to security lists
- Micro-segmentation
- NSGs are prioritised over security lists
NSGs are created for groups of resources that have the same network security requirements. NSGs should be as specific as possible.
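As an added illustration (not from the original page or from Oracle's landing zone code), the Terraform below for the OCI provider shows an NSG rule scoped as narrowly as possible: the app tier accepts traffic only from members of the web tier NSG, on a single port. The variable names, display names, CIDR and port number are assumptions.

```hcl
# Added example: variable names, display names, CIDR and port are assumptions.
variable "compartment_ocid" { type = string }
variable "vcn_ocid" { type = string }

# One NSG per group of resources that share the same network security requirements.
resource "oci_core_network_security_group" "web" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "nsg-web"
}

resource "oci_core_network_security_group" "app" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "nsg-app"
}

# Too broad (shown for contrast, left commented out): every address in the
# VCN range could reach the app tier on any TCP port.
# resource "oci_core_network_security_group_security_rule" "app_ingress_broad" {
#   network_security_group_id = oci_core_network_security_group.app.id
#   direction                 = "INGRESS"
#   protocol                  = "6"
#   source_type               = "CIDR_BLOCK"
#   source                    = "10.0.0.0/16"
# }

# Specific: the source is the web NSG itself rather than a CIDR range, so only
# VNICs that belong to nsg-web can connect, and only on TCP 8443.
resource "oci_core_network_security_group_security_rule" "app_ingress_from_web" {
  network_security_group_id = oci_core_network_security_group.app.id
  description               = "App tier accepts HTTPS only from web tier"
  direction                 = "INGRESS"
  protocol                  = "6" # TCP
  source_type               = "NETWORK_SECURITY_GROUP"
  source                    = oci_core_network_security_group.web.id
  stateless                 = false

  tcp_options {
    destination_port_range {
      min = 8443
      max = 8443
    }
  }
}
```

Using another NSG as the rule source is what gives the micro-segmentation: membership, not subnet placement, decides which resources can reach the app tier.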
Network Design: Best Practices
Consider the following best practices:
- Bastion Service
- The Bastion service is free and simple, with time-limited sessions for greater security.
- Restrict Access
- Prevent unauthorised users from managing critical network services.
- Network Firewall
- A network firewall adds another layer of security on top of security lists and NSGs, using capabilities such as IPS, URL filtering, and SSL inspection.