2.19 Encrypt data exchanged between containers on different nodes on the overlay network

Information

Encrypt data exchanged between containers on different nodes on the overlay network.

Rationale:

By default, data exchanged between containers on different nodes on the overlay network is not encrypted. This could expose traffic between the container nodes.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Create the overlay network with the --opt encrypted flag.
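As an added example (not part of the benchmark text or of Nessus's own check), the following POSIX shell audit flags overlay networks that lack the encrypted driver option. It runs over constructed sample lines shaped like the output of docker network inspect --format '{{.Name}} {{.Options}}'; the docker command lines in the comments are assumed standard docker CLI syntax, not taken from this page.

```shell
#!/bin/sh
# Added example: audit swarm overlay networks for the "encrypted" option.
# On a live swarm manager the input lines would come from (assumed docker CLI usage):
#   docker network ls --filter driver=overlay --quiet \
#     | xargs docker network inspect --format '{{.Name}} {{.Options}}'
# Each line looks like:  <name> map[key:value key:value ...]
# and an encrypted network carries an "encrypted:" key inside the map.

# Return 0 when one "<name> <options>" line shows the encrypted option.
# Matches both "encrypted:" (set with --opt encrypted) and "encrypted:true".
overlay_line_is_encrypted() {
    case "$1" in
        *"[encrypted:"*|*" encrypted:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "<name> <options>" lines on stdin and print the names of overlay
# networks that are NOT encrypted. Returns 0 if all are encrypted, 1 otherwise.
audit_overlay_networks() {
    noncompliant=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        if ! overlay_line_is_encrypted "$line"; then
            printf '%s\n' "${line%% *}"   # network name is the first field
            noncompliant=1
        fi
    done
    [ "$noncompliant" -eq 0 ]
}

# Constructed sample (three overlay networks; only "backend" is encrypted).
SAMPLE='backend map[com.docker.network.driver.overlay.vxlanid_list:4097 encrypted:]
frontend map[com.docker.network.driver.overlay.vxlanid_list:4098]
metrics map[com.docker.network.driver.overlay.vxlanid_list:4099 encrypted:true]
legacy map[com.docker.network.driver.overlay.vxlanid_list:4100]'

# Remediation for each network listed (assumed docker CLI syntax): recreate it
# with encryption enabled, e.g.
#   docker network create --driver overlay --opt encrypted frontend
printf '%s\n' "$SAMPLE" | audit_overlay_networks \
    || echo "The overlay networks listed above are not encrypted (CIS 2.19)."
```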

Impact:

None

Default Value:

By default, data exchanged between containers on different nodes on the overlay network is not encrypted in Docker swarm mode.

See Also

https://workbench.cisecurity.org/files/1476

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8

Plugin: Unix

Control ID: 4d9b46ae5e73979e967ed8654637d1c1ab911f6ea04df4c65f58e8861c97df30