DKER-EE-006240 - Docker Enterprise data exchanged between Linux containers on different nodes must be encrypted on the overlay network.

Information

Encrypt data exchanged between containers on different nodes on the overlay network.

By default, data exchanged between containers on different nodes on the overlay network is not encrypted. This could potentially expose traffic between the container nodes.

Solution

Create overlay network with --opt encrypted flag.

Example:
docker network create --opt encrypted --driver overlay my-network

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Docker_Enterprise_2-x_Linux-Unix_V2R2_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13, CAT|II, CCI|CCI-002450, Rule-ID|SV-235872r962034_rule, STIG-ID|DKER-EE-006240, STIG-Legacy|SV-104919, STIG-Legacy|V-95781, Vuln-ID|V-235872

Plugin: Unix

Control ID: fbe8d1fde809e8f38e4684337b95f1a582195ad656150622964dd34d92200f87