
Docker Enterprise data exchanged between Linux containers on different nodes must be encrypted on the overlay network.

An XCCDF Rule

Description

Encrypt data exchanged between containers on different nodes on the overlay network. By default, data exchanged between containers on different nodes on the overlay network is not encrypted. This could potentially expose traffic between the container nodes.

ID
SV-235872r627743_rule
Severity
Medium



Remediation - Manual Procedure

Create the overlay network with the --opt encrypted flag.

Example:
docker network create --opt encrypted --driver overlay my-network
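
To confirm the remediation took effect, the following added example (not part of the STIG text) lists overlay networks whose driver options lack the encrypted key. The function names and the sample network names other than my-network are hypothetical, and the sample lines are constructed to mirror the output of docker network inspect --format with {{json .Options}}.

```shell
#!/bin/sh
# Added example: report overlay networks that were created without --opt encrypted.

TAB=$(printf '\t')

# Reads "name<TAB>options-json" lines on stdin and prints the name of every
# network whose options have no "encrypted" key. Options is a flat map of
# strings, and quotes inside JSON strings are escaped, so the literal text
# "encrypted": can only appear as that key.
unencrypted_overlays() {
  while IFS="$TAB" read -r name opts; do
    [ -n "$name" ] || continue
    case "$opts" in
      *'"encrypted":'*) ;;             # created with --opt encrypted
      *) printf '%s\n' "$name" ;;      # finding: traffic between nodes is in clear
    esac
  done
}

# Live audit; run on a swarm manager node with access to the docker CLI.
audit_live() {
  ids=$(docker network ls --filter driver=overlay --quiet) || return 2
  [ -n "$ids" ] || return 0
  # $ids is left unquoted on purpose so each network ID is a separate argument.
  docker network inspect --format '{{.Name}}{{"\t"}}{{json .Options}}' $ids |
    unencrypted_overlays
}

# Constructed sample lines (not captured from a real cluster).
sample_inspect_lines() {
  printf 'my-network\t{"com.docker.network.driver.overlay.vxlanid_list":"4097","encrypted":""}\n'
  printf 'legacy-net\t{"com.docker.network.driver.overlay.vxlanid_list":"4098"}\n'
  printf 'bare-net\tnull\n'
}

if [ "${1:-}" = "--live" ]; then
  audit_live
else
  sample_inspect_lines | unencrypted_overlays
fi
```

An existing overlay network cannot have the option added in place; a flagged network has to be recreated with the flag and its services reattached.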