Implementation -> Infrastructure Hardening: Segmented networks for virtual environments
Risk and Opportunity
Risk: In their default settings, virtual environments can reach other virtual environments over the network stack. With virtual machines it is often possible to connect to the other virtual machines on the same host; with Docker, a single default bridge is used, so all containers on one host can communicate with each other.
Opportunity: Communication between virtual environments is regulated by segmenting them into separate networks, so that only the intended connections are possible.
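As an added example (not part of the original page), the following Docker Compose file places each tier of an application on its own user-defined network instead of the shared default bridge; image names are placeholders. Containers can only reach services that share a network with them, and an unrelated workload on the same host gets no path to the application at all.

```yaml
# Added example: segmented networks for containers on one host.
# Without this, every service would land on the single default bridge and
# could talk to every other container on the host.
services:
  web:
    image: nginx:1.25          # assumed frontend image
    networks:
      - frontend              # reachable from the host / load balancer
      - app                   # may talk to api, nothing else
  api:
    image: example/api:1.0    # placeholder image name
    networks:
      - app                   # reachable only from web
      - data                  # may talk to db
  db:
    image: postgres:16
    networks:
      - data                  # reachable only from api; no path to web
  batch:
    image: example/batch:1.0  # placeholder: unrelated workload on the same host
    networks:
      - batch                 # fully isolated from web, api and db

networks:
  frontend:
    driver: bridge
  app:
    driver: bridge
    internal: true            # no egress; only attached services can connect
  data:
    driver: bridge
    internal: true
  batch:
    driver: bridge
    internal: true
```

Because every service lists its networks explicitly, none of them is attached to the project's default network; containers that still rely on the legacy default bridge can additionally be kept apart by setting `"icc": false` in the daemon configuration.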
Exploit details
Usefulness: Very High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium
Additional Information
Dependencies:
OWASP SAMM 2 Mapping: o-environment-management|A|1
ISO27001:2017 Controls Mapping:
- Virtual environments are not explicitly covered by ISO 27001 (too specific)
- 13.1.3