Workload misconfigurations

Ensure network traffic is restricted between containers on the default bridge (Automated)

Risk Level

Informational (4)

Platform(s)

  • N/A

Compliance Frameworks

Description

By default, all network traffic is allowed between containers on the same host on the default network bridge.

  • Recommended Mitigation

    Edit the Docker daemon configuration file to ensure that icc is disabled. It should include the following setting: 'icc: false'. Alternatively, run the docker daemon directly and pass '--icc=false' as an argument. For Example: 'dockerd --icc=false'

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.