CIS Docker 1.12.0 V1.0.0 L2 Docker

Do not use Docker’s default bridge docker0

Details

Do not use Docker’s default bridge docker0. Use Docker’s user-defined networks for container networking. Docker connects virtual interfaces created in the bridge mode to a common bridge called docker0. This default networking model is vulnerable to ARP spoofing and MAC flooding attacks since there is no filtering applied.

Solution

Follow Docker documentation and set up a user-defined network. Run all the containers in the defined network.

Impact: You have to manage the user-defined networks.

Default Value: By default, Docker runs containers on its docker0 bridge.
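
One way to audit a host for this control, as an added example that is not part of the benchmark text or Docker's documentation: the script lists the networks each running container is attached to and flags any that are on the default network named bridge, which is the one backed by docker0. The function names, the sample input and the network name appnet are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit which containers sit on the default docker0 bridge.

# Live collection: one line per running container, "/name net1 net2 ...".
# NetworkSettings.Networks is keyed by network name; the default bridge
# network is named "bridge" (its Linux interface is docker0).
list_container_networks() {
    ids=$(docker ps --quiet) || return 1
    [ -n "$ids" ] || return 0
    docker inspect --format \
        '{{.Name}}{{range $k, $v := .NetworkSettings.Networks}} {{$k}}{{end}}' $ids
}

# Filter: read "/name net..." lines on stdin, print names attached to "bridge".
# Only fields 2..NF are compared, so a container merely named "bridge" is ignored.
on_default_bridge() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "bridge") { sub(/^\//, "", $1); print $1; break }
    }'
}

# Report: non-zero exit when any container is still on the default bridge.
audit() {
    offenders=$(on_default_bridge)
    [ -z "$offenders" ] && return 0
    for c in $offenders; do
        echo "FAIL: $c is attached to the default bridge (docker0)"
    done
    return 1
}

# Constructed sample of list_container_networks output (not real host data).
sample_input() {
    cat <<'EOF'
/web bridge
/api appnet
/worker appnet bridge
/db dbnet
EOF
}

sample_input | audit || true
# On a Docker host: list_container_networks | audit
# Remediation (appnet is a placeholder name):
#   docker network create --driver bridge appnet
#   docker run --network appnet ...
```

A container attached to both a user-defined network and the default bridge (worker in the sample) is still flagged, because it remains reachable from everything else on docker0.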

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022