Details
Encrypt data exchanged between containers on different nodes on the overlay network.
Rationale:
By default, data exchanged between containers on different nodes on the overlay network is not encrypted. This could potentially expose traffic between the container nodes.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Create the overlay network with the --opt encrypted flag.
Impact:
None
Default Value:
By default, data exchanged between containers on different nodes on the overlay network is not encrypted in Docker swarm mode.
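One way to check existing networks for this setting, as an added example (not part of the benchmark text or the Nessus check): the script lists overlay networks whose driver options lack "encrypted". The function names and the sample network names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report overlay networks created without --opt encrypted.

# Go template for `docker network inspect`:
#   name|driver|comma-terminated list of driver option keys
FMT='{{.Name}}|{{.Driver}}|{{range $k, $v := .Options}}{{$k}},{{end}}'

# Read "name|driver|key1,key2," lines on stdin and print the name of every
# overlay network whose option keys do not include "encrypted".
find_unencrypted_overlays() {
    while IFS='|' read -r name driver opts; do
        [ "$driver" = "overlay" ] || continue
        case ",$opts" in
            *,encrypted,*) ;;            # option present: compliant
            *) printf '%s\n' "$name" ;;  # option absent: finding
        esac
    done
}

# Live audit (needs the docker CLI and a reachable daemon).
audit_live() {
    ids=$(docker network ls --filter driver=overlay --quiet) || return 2
    [ -n "$ids" ] || return 0
    # Word splitting of the ID list is intended here.
    docker network inspect --format "$FMT" $ids | find_unencrypted_overlays
}

# Constructed sample of the formatted output (not taken from a real host).
sample_lines() {
    cat <<'EOF'
app-net|overlay|com.docker.network.driver.overlay.vxlanid_list,encrypted,
legacy-net|overlay|com.docker.network.driver.overlay.vxlanid_list,
bridge|bridge|com.docker.network.bridge.default_bridge,
not-encrypted-name|overlay|
EOF
}

# Remediation for a finding, per the Solution above:
#   docker network create --opt encrypted --driver overlay <network-name>

case "${1:-}" in
    --live)   audit_live ;;
    --sample) sample_lines | find_unencrypted_overlays ;;
esac
```

Run with --sample to see the parser on the constructed input, or with --live on a swarm node; any name printed is an overlay network without the encrypted option.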
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.