# How to resolve Sprinto check to protect Oracle Cloud Instance from direct internet access

### About

Sprinto check: Compute instance should be protected from direct internet traffic

Protecting Oracle Cloud Compute Instances from direct public internet access is essential for enhancing security, reducing the attack surface, and mitigating potential cyber threats.

### Purpose

The purpose of protecting Oracle Cloud Compute Instances from direct public internet access is to:

1. Enhance Security: Minimize the risk of unauthorized access, data breaches, and malicious attacks by restricting direct access to compute instances from the public internet.
2. Reduce Attack Surface: Limit exposure to potential security vulnerabilities and exploits by preventing direct communication between compute instances and external networks.
3. Compliance Requirements: Align with regulatory compliance requirements and industry standards by implementing robust security measures, including network access controls and segmentation, to protect compute instances from external threats.

### How to resolve

Follow the below steps to restrict the public internet access of Oracle Cloud compute instance

#### Before you begin

* Ensure you have “Admin” access to the Oracle Cloud account where you wish to perform the following action.

#### Modifying internet access

1. Log in on [Oracle Cloud](https://www.oracle.com/in/cloud/sign-in.html) using your credentials.
2. Navigate to Instance services.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72088636023/original/W4NjsmWrTC2AQ6GN7A-BIEfN70cRenXqGA.png?1709901689" alt="" width="563"><figcaption></figcaption></figure>
3. Select the Instance for which you wish to restrict public internet access.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72088636026/original/iEenyouk6ZmkTi7Jztz4KIShKZRwwzXw4g.png?1709901689" alt="" width="563"><figcaption></figcaption></figure>
4. On Instance details page, select the Instance information tab and select the Subnet option under the Primary VNIC.<br>

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72088636027/original/tvcZQIXFqZ_1_uFc9RwWiKobklVTC5o1mA.png?1709901689" alt="" width="563"><figcaption></figcaption></figure>
5. Select your current configured Security List.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72088636004/original/EavNtn0Mw7E9P2ZqbiLdgSNezVvGQsXpcQ.png?1709901681" alt="" width="563"><figcaption></figcaption></figure>
6. Under Ingress Rules, ensure the Source configured as 0.0.0.0/0 for **port 22** is removed.
7. To remove this rule, select it and click **Remove**.<br>

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72088636022/original/5BzKkD9zAhfSCTgih55WeGYeGOKYiZdO0A.png?1709901688" alt="" width="563"><figcaption></figcaption></figure>

Once the alert is created, Sprinto retrieves the change from your integrated Oracle Cloud account on Sprinto and sets the assigned check status to "Passing."

If you need any assistance with the Sprinto check, please contact Sprinto Support.