From November 19 to 22, 2024, Nuremberg was once again the meeting point for Oracle experts, users and partners. But Oracle was not the only topic: PostgreSQL, soft skills and much more were also on the agenda. This year, too, the DOAG conference offered a platform for exchanging knowledge, presenting new developments and making contacts. I had the honor of presenting four talks myself and sharing my experience on topics such as Oracle Cloud Infrastructure Security, automation with Oracle Linux Automation Manager, and Red Hat Ansible Automation. My Talks and Highlights It is always a special experience to speak in front of a large audience, and the sessions in the well-filled rooms showed that the interest…
Category: Security
Hardening Oracle Cloud Infrastructure – Part 2: Remediation
In the first blog part, I wrote that it's not so easy to identify risks in your Oracle Cloud Infrastructure account. CIS – Center for Internet Security – has a free benchmark which supports you in hardening your account. And with Palo Alto Prisma or OCI Cloud Guard, there are two tools which provide information too. But I want to have an easier way to identify and remediate dangers. select * from cloud; Steampipe.io provides a powerful CLI tool with which you can query your cloud account via its API. Instead of clicking through the user interface to find out who has no MFA enabled, just execute this query: steampipe query "select name, is_mfa_activated from oci_identity_user where is_mfa_activated=false;" +———————————————————+——————+ | name | is_mfa_activated…
Hardening Oracle Cloud Infrastructure – Part 1: Identification
Cloud Security When you search for the term “Cloud Breaches 2022” in one of the search engines, there is an almost endless list of breaches. In this 2-part blog post I show you an easy way to level up your security in Oracle Cloud Infrastructure. For example listed on https://www.immuniweb.com/blog/top-10-cloud-security-incidents-in-2022.html: As you can see here, these are all issues related to security settings made by the owners of the accounts. No special hacking methods, no social engineering. Just wrong settings. Sure, technical bugs are also possible; this one happened in summer 2022 in Oracle Cloud Infrastructure and was called #AttachMe: https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access Cloud Security Risks – Items These items are all configurable by the customer, like roles not according least-privilege…
Oracle Cloud Infrastructure – A short Blog Post about a secure and small Development Setup
For an internal project I had the pleasure of setting up a new Oracle Cloud Infrastructure environment for an APEX development team. Here is a short overview of the setup. Requirements VPN access from everywhere – at most 2 people work on the environment at the same time Oracle Standard Edition 2 – no license available in the project Small monitoring to verify server stats Instances can be started and stopped by the developers to save costs, for example overnight, on weekends, holidays etc. Architecture Diagram Resource Network Usage Remarks Open VPN Access Server Public Subnet VPN client access and traffic routing OCI Cloud Marketplace Image – OpenVPN Access Server (2 FREE VPN Connections) – OpenVPN Inc. – Oracle Cloud Marketplace Management Server…
Oracle Cloud Infrastructure Data Safe – How to burn down 201.44 Swiss Francs in 30 Seconds…
Is Data Safe really for free? Last autumn, the new Oracle Cloud Infrastructure feature called Data Safe was released. For sure, new features have to be tested. I have tested the Data Safe feature too and added a cloud database to Data Safe. But in my enthusiasm about this cool feature – or maybe it was just too late in the evening – I made a mistake when adding the database target. Four days later, I noticed that Data Safe was being charged to my account. Mmm, but should it not be for free? First reaction: I raised an SR and described the case. The nice guy from My Oracle Support realized the situation quickly: Dear Mister Berger, you…