How to Secure Your OCI Always Free Tier Network: A Practical Guide

   Mariusz Antonik | Security

1. Introduction

Oracle Cloud’s Always Free Tier is incredibly powerful — but just because it’s free doesn’t mean it’s secure out of the box.
If you spin up a VCN, a VM, and a DB system without hardening the environment, you’re exposing yourself to attacks within minutes.

In this guide, I’ll walk you through exactly how I secure every Always Free Tier deployment for clients, students, and my own lab environments.

This method is lightweight, simple, and follows Oracle’s recommended architecture—perfect for beginners and small businesses building their first cloud presence.


2. What Problem This Solves

Most Free Tier users run into these issues:

  • VM SSH port exposed to the whole internet

  • Public subnet used when private would be better

  • No NSGs (Network Security Groups)

  • Security Lists left wide open

  • No host-level firewall rules

  • No monitoring alerts for security events

And yes, I’ve seen production systems running like this.

Let’s fix that.


3. Step-by-Step Guide


Step 1 — Create a Private VCN Layout

OCI Console → Networking → Virtual Cloud Networks → Create VCN

Recommended CIDR:

 
10.0.0.0/16

Subnets:

  • 10.0.1.0/24 — Public Subnet (for LB / bastion)

  • 10.0.2.0/24 — Private Subnet (for compute/db)

CLI Equivalent:

 
oci network vcn create \
  --cidr-block "10.0.0.0/16" \
  --compartment-id <COMPARTMENT_OCID> \
  --display-name "secure-vcn"

Step 2 — Replace Security Lists With NSGs

Security Lists apply to every VNIC in a subnet → too broad
NSGs apply only to the resources (VNICs) you add to them → per-resource control

Create NSG for Compute

 
NSG_COMPUTE

Rules to allow only:

  • SSH from your home IP

  • HTTP/HTTPS if you run a website

  • MySQL only inside VCN

CLI Example:

 
oci network nsg create \
  --compartment-id <COMPARTMENT_OCID> \
  --vcn-id <VCN_OCID> \
  --display-name "nsg-compute"

Add ingress rule:

 
oci network nsg rules add \
  --nsg-id <NSG_OCID> \
  --security-rules '[
    {"direction":"INGRESS","protocol":"6","source":"YOUR.IP.ADDR.0/24","sourceType":"CIDR_BLOCK","tcpOptions":{"destinationPortRange":{"min":22,"max":22}}}
  ]'
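
The Step 2 allow-list (SSH from your own range, HTTP/HTTPS, MySQL only inside the VCN) can be checked mechanically before rules are applied. The following Python is an added example, not part of the original guide; it audits rule objects in the JSON shape used above, and the `ADMIN` range 203.0.113.0/24, the finding names and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

VCN = ipaddress.ip_network("10.0.0.0/16")        # VCN CIDR from Step 1
ADMIN = ipaddress.ip_network("203.0.113.0/24")   # placeholder for YOUR.IP.ADDR.0/24
SSH, MYSQL = 22, 3306
ALLOWED = {SSH, MYSQL, 80, 443}                  # ports the guide permits at all

def within(src, net):
    """True if src is an address range fully contained in net."""
    return src.version == net.version and src.subnet_of(net)

def tcp(source, lo, hi):
    # Build one TCP rule in the same JSON shape as the Step 2 rule.
    return {"protocol": "6", "source": source,
            "tcpOptions": {"destinationPortRange": {"min": lo, "max": hi}}}

def audit(rules):
    """Return (rule_index, finding) pairs for ingress TCP rules that break the policy."""
    findings = []
    for i, r in enumerate(rules):
        # Assumption: a missing direction/sourceType means an ingress CIDR rule.
        if r.get("direction", "INGRESS") != "INGRESS":
            continue
        if r.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue                             # NSG/service sources are not judged here
        if r.get("protocol") not in ("6", "all"):
            continue                             # only TCP exposure is checked
        rng = (r.get("tcpOptions") or {}).get("destinationPortRange")
        lo, hi = (rng["min"], rng["max"]) if rng else (1, 65535)  # no range = every port
        src = ipaddress.ip_network(r["source"], strict=False)
        in_vcn = within(src, VCN)
        if lo <= SSH <= hi and not (in_vcn or within(src, ADMIN)):
            findings.append((i, "ssh-not-restricted"))
        if lo <= MYSQL <= hi and not in_vcn:
            findings.append((i, "mysql-outside-vcn"))
        permitted = sum(1 for p in ALLOWED if lo <= p <= hi)
        if not in_vcn and hi - lo + 1 > permitted:
            findings.append((i, "unlisted-ports"))
    return findings

# Constructed sample rules, not taken from a real tenancy.
SAMPLE = [
    tcp("203.0.113.0/24", 22, 22), tcp("0.0.0.0/0", 22, 22),
    tcp("10.0.1.0/24", 3306, 3306), tcp("0.0.0.0/0", 3306, 3306),
    tcp("0.0.0.0/0", 443, 443), {"protocol": "6", "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for index, finding in audit(SAMPLE):
        print(f"rule {index}: {finding}")
```

A rule without `tcpOptions` matches every TCP port, which is why the last sample rule produces all three findings.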

Step 3 — Harden Your Compute VM

SSH into your VM and run:

 
sudo ufw allow from YOUR.IP.ADDR.0/24 to any port 22
sudo ufw enable

Disable password login:

 
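# Also matches a commented-out or differently spaced PasswordAuthentication line
sudo sed -i -E 's/^#?[[:space:]]*PasswordAuthentication[[:space:]]+.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd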

Step 4 — Remove Public IP from Database

Never expose MySQL or HeatWave externally.

OCI Console → MySQL → DB →
Disable Public Access


Step 5 — Add a Bastion for Administrative Access

OCI Console → Bastion → Create Bastion
Attach to Public Subnet.

You now SSH using:

 
ssh -i key opc@<PRIVATE_IP> -J <BASTION_IP>

Step 6 — Enable Cloud Guard + Security Zones

Turn on:

  • Cloud Guard

  • Security Recipes

  • Threat Detection

This gives you alerts when something is misconfigured or suspicious.


4. Architecture Diagram


 
            Internet
                |
        +--------------+
        | OCI Bastion  |
        +--------------+
                |
    -------------------------
    |   VCN 10.0.0.0/16     |
    -------------------------
                |
    Public Subnet 10.0.1.0/24 (LB)
                |
    Private Subnet 10.0.2.0/24 (Compute/DB)

5. Best Practices

  • Always restrict SSH by IP

  • Always use NSGs instead of Security Lists

  • Never expose DB services publicly

  • Use Bastion instead of public VMs

  • Enable automatic OS updates

  • Use Vault for private keys

  • Use Cloud Guard for continuous monitoring


6. Common Errors / Troubleshooting

Error             | Cause                   | Fix
“SSH timeout”     | NSG rule missing        | Allow port 22 from your IP
DB not reachable  | DB in private subnet    | Use bastion or private endpoint
Website offline   | LB health check failing | Allow LB subnet inside NSG
Cannot update OS  | DHCP disabled           | Re-enable VNIC DHCP

7. Summary

With these steps, your Always Free Tier network becomes secure, structured, and production-ready — even though it costs you $0/month.

If you're a beginner or small business owner building your first OCI environment, this is the safest and simplest setup.

 


 

About the Author
Mariusz Antonik

Oracle Cloud Infrastructure expert and consultant specializing in database management and automation.
