Critical

Ensure there is no unrestricted inbound access to TCP port 2376 (Docker)

Description

TCP port 2376 is the conventional port on which the Docker daemon (dockerd) exposes its remote API over TLS; port 2375 is the conventional plaintext port. The port number itself guarantees nothing: a daemon listening on 2376 may be running with TLS but without client certificate verification, or with no TLS at all. Anyone who can reach the Docker API is effectively root on the host: they can start privileged containers, bind-mount the host filesystem, read the environment and volumes of running containers, or use the host as a pivot into the rest of the network. Leaving the port reachable from 0.0.0.0/0 or ::/0 therefore exposes the whole host, and exposed Docker APIs are a well-known target of internet-wide scanning.

Remediation

To ensure there is no unrestricted inbound access to TCP port 2376, follow these remediation steps:

  1. If remote access is not needed, leave the daemon on its default local UNIX socket (unix:///var/run/docker.sock) and do not add a tcp:// entry to the hosts list in daemon.json or a -H tcp:// flag to the dockerd command line. Where occasional remote administration is required, prefer the SSH transport (docker -H ssh://user@host), which needs no open API port at all.
  2. If a TCP listener is required, enable mutual TLS: run dockerd with tlsverify enabled and a CA certificate (tlscacert) so that only clients presenting a certificate signed by that CA are accepted, and bind to a specific management interface rather than 0.0.0.0. The daemon has no built-in username/password authentication; the client certificate is the only identity it checks. Setting tls without tlsverify encrypts the connection but still admits any client.
  3. Restrict the security group, network ACL or host firewall so that inbound traffic to port 2376 is allowed only from trusted management addresses or networks, never from 0.0.0.0/0 or ::/0. Check for rules that cover 2376 through a port range or an "all traffic" rule, not only rules that name the port explicitly.
  4. Periodically monitor and audit the Docker daemon and container activity (daemon logs, audit rules on the socket, unexpected containers or images) to detect suspicious behavior or unauthorized access attempts.
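The checks behind steps 2 and 3, as an added example that is not CloudWiki or Lightlytics code: it audits a security group's ingress rules for the open-port case (including port ranges and "all traffic" rules) and a daemon.json for a TCP listener that lacks mutual TLS. The rule dictionaries follow the IpPermissions shape returned by the AWS EC2 describe-security-groups API; the sample rules and the weak and hardened daemon.json documents are constructed for the example.

```python
"""Audit helpers for the Docker remote API port (TCP 2376).

Added example, not CloudWiki/Lightlytics code. Security-group rules use the
IpPermissions shape of AWS EC2 describe-security-groups (assumption); the
daemon.json keys ("hosts", "tls", "tlsverify", "tlscacert", ...) are Docker's own.
"""
import json

DOCKER_TLS_PORT = 2376
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def rule_covers_port(rule: dict, port: int = DOCKER_TLS_PORT) -> bool:
    """True if an IpPermissions entry allows TCP traffic to `port`."""
    proto = str(rule.get("IpProtocol", ""))
    if proto == "-1":                 # "all traffic": every port, every protocol
        return True
    if proto not in ("tcp", "6"):     # UDP/ICMP rules cannot expose the API
        return False
    lo = rule.get("FromPort", 0)      # a range such as 2375-2380 still covers 2376
    hi = rule.get("ToPort", 65535)
    return lo <= port <= hi


def unrestricted_sources(rule: dict) -> list:
    """CIDR sources in the rule that mean 'the whole internet'."""
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", []) if r.get("CidrIp") == ANY_V4]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_V6]
    return v4 + v6


def find_unrestricted_2376(ip_permissions: list) -> list:
    """Return [(rule_index, cidr), ...] for rules exposing 2376 to everyone."""
    findings = []
    for i, rule in enumerate(ip_permissions):
        if rule_covers_port(rule):
            for cidr in unrestricted_sources(rule):
                findings.append((i, cidr))
    return findings


def daemon_config_issues(daemon_json: str) -> list:
    """Flag a daemon.json that exposes the API over TCP without mutual TLS."""
    cfg = json.loads(daemon_json)
    issues = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return issues                 # UNIX socket only: nothing is exposed
    for h in tcp_hosts:
        if "0.0.0.0" in h or "[::]" in h:
            issues.append(f"{h}: bound to all interfaces")
    if not cfg.get("tlsverify"):      # "tls": true alone encrypts but authenticates nobody
        issues.append("tlsverify is not enabled: clients are not authenticated")
    for key in ("tlscacert", "tlscert", "tlskey"):
        if key not in cfg:
            issues.append(f"{key} is not set")
    return issues


# Constructed sample input: one rule open to the world on 2376, one range
# rule limited to a bastion /32, and an unrelated HTTPS rule.
SAMPLE_IP_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 2376, "ToPort": 2376,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 2375, "ToPort": 2380,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]

# Weak: encrypted ("tls": true) but no CA and no tlsverify, bound everywhere.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tls": True,
    "tlscert": "/etc/docker/server.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Hardened: mutual TLS, bound to one management address only.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.1.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    print("open 2376 rules:", find_unrestricted_2376(SAMPLE_IP_PERMISSIONS))
    print("weak daemon.json:", daemon_config_issues(WEAK_DAEMON_JSON))
    print("hardened daemon.json:", daemon_config_issues(HARDENED_DAEMON_JSON))
```

The hardened daemon.json still needs the firewall rule from step 3; mutual TLS limits who can authenticate, not who can reach the listener. One caveat when applying it on a systemd-managed Docker install: the unit file already passes -H fd:// to dockerd, and a hosts entry in daemon.json conflicts with that flag, so the unit needs a drop-in override that removes the -H argument before the daemon will start.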
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.