Usage of host networking and ports should be restricted
HIGH
Restricts containers from using host networking or binding to host ports, maintaining network isolation.
What does this mean?
When a container uses host networking, it shares the network namespace with the host node, bypassing network policies and gaining access to all host network interfaces. This recommendation restricts the use of host networking and host ports.
Benefits of implementation
- Maintains network isolation between containers and hosts
- Prevents containers from intercepting host network traffic
- Enables effective use of network policies
Drawbacks and considerations
- Some network monitoring or load balancing tools need host networking
- NodePort services are a separate concern
- May need exceptions for specific infrastructure workloads
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Network Security
- Azure Resource
- Frameworks
- 3 frameworks
- Last updated
- 2026-02-12