Control: 2.6 Ensure Oracle Integration Cloud (OIC) access is restricted to allowed sources
Description
Oracle Integration (OIC) is a complete, secure, but lightweight integration solution that enables you to connect your applications in the cloud. It simplifies connectivity between your applications and connects both your applications that live in the cloud and your applications that still live on premises. Oracle Integration provides secure, enterprise-grade connectivity regardless of the applications you are connecting or where they reside. OIC instances are created within an Oracle managed secure private network with each having a public endpoint. The capability to configure ingress filtering of network traffic to protect your OIC instances from unauthorized network access is included. It is recommended that network access to your OIC instances be restricted to your approved corporate IP addresses or Virtual Cloud Networks (VCNs).
Restricting connectivity to OIC Instances reduces an OIC instance’s exposure to risk.
Remediation
From Console
- Follow the audit procedure above.
- For each OIC instance in the returned results, click the OIC Instance name.
- Click Network Access.
- Edit the Network Access to be more restrictive.
From CLI
- Follow the audit procedure.
- Get the JSON input format using the command below:
oci integration integration-instance change-network-endpoint --generate-param-json-input
- For each of the OIC instances identified, get its details.
- Update the Network Access: copy the network-endpoint-details element from the JSON returned by the above get call, edit it appropriately and use it in the following command:
oci integration integration-instance change-network-endpoint --id <oic-instance-id> --from-json '<network endpoints JSON>'
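The review of the network-endpoint-details element before editing it can be scripted. The following is an added example, not part of the benchmark text or the Powerpipe mod: it flags instances with no allowlist configured or with an allowlist entry that matches every source address. Key names other than network-endpoint-details (allowlisted-http-ips, allowlisted-http-vcns, allowlisted-ips, display-name) are assumed to match the OCI CLI JSON output, and the sample data is constructed.

```python
import ipaddress
import json

# Constructed sample, assumed to be shaped like the instance objects printed
# by the OCI CLI get call; OCIDs and addresses are placeholders.
SAMPLE = json.loads("""
[
  {"display-name": "oic-open", "id": "ocid1.integrationinstance.oc1..exampleA",
   "network-endpoint-details": null},
  {"display-name": "oic-any", "id": "ocid1.integrationinstance.oc1..exampleB",
   "network-endpoint-details": {"network-endpoint-type": "PUBLIC",
     "allowlisted-http-ips": ["0.0.0.0/0"], "allowlisted-http-vcns": []}},
  {"display-name": "oic-ok", "id": "ocid1.integrationinstance.oc1..exampleC",
   "network-endpoint-details": {"network-endpoint-type": "PUBLIC",
     "allowlisted-http-ips": ["203.0.113.0/24"],
     "allowlisted-http-vcns": [{"id": "ocid1.vcn.oc1..exampleV",
                                "allowlisted-ips": ["10.0.0.0/16"]}]}}
]
""")

def is_any_source(cidr):
    """True for a CIDR that matches every address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_instance(inst):
    """Return findings for one OIC instance; an empty list means restricted."""
    ned = inst.get("network-endpoint-details")
    if not ned:
        return ["no network-endpoint-details: no allowlist configured"]
    findings = [f"allowlisted-http-ips permits any source: {c}"
                for c in ned.get("allowlisted-http-ips") or [] if is_any_source(c)]
    for vcn in ned.get("allowlisted-http-vcns") or []:
        for c in vcn.get("allowlisted-ips") or []:
            if is_any_source(c):
                findings.append(f"VCN {vcn.get('id')} permits any source: {c}")
    return findings

def audit(instances):
    """Map display-name -> findings for every instance that fails the check."""
    results = {i["display-name"]: audit_instance(i) for i in instances}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```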
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v200_2_6
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run oci_compliance.control.cis_v200_2_6 --share
SQL
This control uses a named query:
manual_control