Transcript
00:00 Welcome to this lesson on security zones and security advisor. Security zone is to configure
00:10 a location in which you cannot disable security. Security advisor is a service that unifies
00:17 security zone, Cloud Guard and some other capabilities together in a cohesive whole.
00:23 In this lesson we will look into both of these services. So first, let's look at security zones.
00:29 What are these security zones? Well, we talked about that you have resources in your compartments.
00:35 As you can see here, you have two compartments, compartment A and compartment B. You could
00:39 designate compartment B as a security zone. What does that mean? Well, that means that that this
00:46 particular compartment, once it's assigned sort of this security zone nomenclature, has a set of
00:54 security zone recipes. These are nothing but your policies, uh, which which get enforced here,
01:00 and anytime there is a policy violation, that operation is denied. So what does that look like?
01:06 Which services are supported? Well, the the core primitives today are supported, including networking,
01:11 storage, compute and databases. What does that actually mean? Well, if you specify that subnets
01:17 always have to be private, if you create a public subnet, that operation will be denied.
01:21 If the rule says that the customer managed master encryption keys have to be used instead of provider
01:27 managed master encryption keys, and if that is violated, the operation will be denied. So the idea is
01:34 you take a portion of your tenancy. Think about, you know, your own home. You have the most secure items
01:41 you have, whether it's your passport or documents or jewelry or something else. You could keep that
01:46 in a secure vault, make it fire safe, etc., so it's it's protected in case of any kind of a breach
01:54 or a natural disaster. So the same idea applies here. You take your tenancy. Not everything in your
02:00 tenancy is super secure, but some elements in your tenancy, some portions of it, are going to be super
02:05 secure. You create a security zone, sometimes it's also referred to as max security zones, and the resources
02:12 which are kept there have a kind of a policies applied to them, recipes applied to them, and those
02:18 policies cannot be violated. It's a simple way to think about for security zones. Security advisor
02:24 is really a combination service that takes the functionality that's provided by Cloud Guard
02:29 and security zone, as well as some of the other security services, and brings them together. So in a way
02:36 it's our own point of view on how security should be done. The services which are supported today are
02:42 object storage, file storage, block volume and virtual machines. And again, some of the examples we talked
02:48 about earlier: buckets cannot be public, and that can be enforced by security advisor. The security advisor
02:55 will walk you through on how to create a bucket in a security zone, and it comes with its own set of
03:02 requirements. You have to use a customer managed key and and so on and so forth. So security advisor would
03:08 actually go through the steps required to do that. In a demo we can take a look at how it works, and then
03:15 you will understand it a little bit better compared to just going through the slides. Just to recap, these
03:21 two again are unique services. Security zones configure a location in which you cannot disable security.
03:27 Security advisor unifies security zone, Cloud Guard, other security capabilities together in a cohesive
03:35 whole. I hope you found this lesson useful. Thanks for watching.