Details

Encrypt data exchanged between containers on different nodes on the overlay network.

Rationale:

By default, data exchanged between containers on different nodes on the overlay network is not encrypted. This could potentially expose traffic between the container nodes.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Create overlay network with–opt encrypted flag.

Impact:

None

Default Value:

By default, data exchanged between containers on different nodes on the overlay network are not encrypted in the Docker swarm mode.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/1476

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-8

Source

• Tenable.com/audits