Understanding instance operating system images
An instance image holds the operating system and the other tools and software that go with it. Images can be Oracle-provided, custom, or BYOI. You can choose an image from Oracle Linux, Microsoft Windows, Ubuntu, or CentOS. As far as security within those images goes, Oracle adds rules that prevent anyone other than root on Linux instances (and administrators on Windows instances) from making outgoing connections to the iSCSI network endpoint (169.254.0.2:3260), which serves the instance's boot and block volumes.
For a maximum security posture, OCI's recommendation is not to tamper with any of the default operating system firewall rules, as doing so risks giving non-admins access to the boot disk and other filesystems. The same applies when you create a custom image from one of these images.
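One way to check that a Linux image still enforces the root-only iSCSI restriction described above is to evaluate its saved firewall rules. This is an added example, not Oracle's tooling or code from the original text. It assumes `iptables-save` format; the chain name and sample ruleset are constructed, and rules that use match options outside the `KNOWN` set, as well as `RETURN` targets, are not modelled and need manual review.

```python
import ipaddress
import shlex

ISCSI_IP, ISCSI_PORT = "169.254.0.2", 3260  # endpoint named in the text above
# Options this sketch understands; rules using anything else are skipped.
KNOWN = {"-d", "-p", "-m", "--dport", "--uid-owner", "--comment", "-j", "--reject-with"}
# Constructed sample in iptables-save format (chain name is hypothetical).
GOOD = """*filter
:OUTPUT ACCEPT [0:0]
:INSTANCE_SERVICES - [0:0]
-A OUTPUT -d 169.254.0.0/16 -j INSTANCE_SERVICES
-A INSTANCE_SERVICES -d 169.254.0.2/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -j ACCEPT
-A INSTANCE_SERVICES -d 169.254.0.0/16 -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT
"""
# The same ruleset after someone drops the owner match from the ACCEPT rule.
WEAKENED = GOOD.replace("-m owner --uid-owner 0 ", "")

def parse(ruleset):
    """Return ({chain: [options dict per rule]}, {chain: policy})."""
    chains, policies = {}, {}
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif tok[:1] == ["-A"]:
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains, policies

def verdict(chains, policies, uid, chain="OUTPUT"):
    """First-match verdict for a new TCP connection from uid to the iSCSI endpoint."""
    for r in chains.get(chain, []):
        if not set(r) <= KNOWN or r.get("-p", "tcp") != "tcp":
            continue
        if "-d" in r and ipaddress.ip_address(ISCSI_IP) not in ipaddress.ip_network(r["-d"], strict=False):
            continue
        if (r.get("--dport", str(ISCSI_PORT)) != str(ISCSI_PORT)
                or r.get("--uid-owner", str(uid)) != str(uid)):
            continue
        target = r.get("-j")
        result = verdict(chains, policies, uid, target) if target in chains else target
        if result in ("ACCEPT", "DROP", "REJECT"):
            return result
    # User-defined chains have policy "-" and fall back to the calling chain.
    return policies[chain] if policies.get(chain, "-") != "-" else None

def iscsi_locked_down(ruleset, unprivileged_uid=1000):
    """True only if root reaches the endpoint and an unprivileged uid does not."""
    c, p = parse(ruleset)
    return verdict(c, p, 0) == "ACCEPT" and verdict(c, p, unprivileged_uid) in ("DROP", "REJECT")
```

Running `iscsi_locked_down` on the output of `iptables-save` from a custom image before publishing it flags both an edited ACCEPT rule and a fully flushed ruleset, since in either case the unprivileged verdict becomes ACCEPT.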
Let's look at some of the characteristics of these images.
The following are characteristics...