CME-204

IPsec / WireGuard (Encrypted Transport)

Description

Encrypts all network traffic between hosts using IPsec or WireGuard, preventing eavesdropping, injection, and man-in-the-middle attacks on the wire.

CVSS Vector Impacts

| Metric | Transition | Rationale |
| --- | --- | --- |
| Attack Complexity (AC) | L → H | Network-level MitM requires breaking cryptographic tunnel |
| Confidentiality (C) | H → L | Encrypted transit prevents passive eavesdropping |

CWE Relationships

Verification

Verify IPsec or WireGuard tunnels are established

$ ipsec status 2>/dev/null || wg show 2>/dev/null
# Expected: established|interface
Platform: linux
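
A stricter form of the check above, as an added example that is not part of the original entry: `wg show` prints an `interface` line as soon as the device exists, even when no peer has completed a handshake, so this version reads per-peer handshake times instead. The function names, the strongSwan-style `ipsec status` line format and the 180-second staleness threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original entry). Parsers read tool output on stdin.

# Count IKE SAs in strongSwan-style `ipsec status` output.
# Assumed line format: "  name[1]: ESTABLISHED 5 minutes ago, ..."
count_established_ike() {
    grep -c -E '\[[0-9]+\]: ESTABLISHED ' || true
}

# stale_wg_peers NOW MAX_AGE
# Input: `wg show all latest-handshakes` (interface, peer key, Unix time of
# the last handshake; 0 means no handshake yet). Prints one line per peer
# with no handshake or one older than MAX_AGE seconds.
stale_wg_peers() {
    awk -v now="$1" -v max="$2" '
        NF == 3 && $3 == 0        { print $1, $2, "never"; next }
        NF == 3 && now - $3 > max { print $1, $2, (now - $3) "s" }
    '
}

# check_tunnels [MAX_AGE]: returns 0 only if at least one IKE SA is
# established or every WireGuard peer has a recent handshake. Run as root.
check_tunnels() {
    max_age="${1:-180}"   # assumed threshold; idle peers without keepalive exceed it
    rc=1
    if command -v ipsec >/dev/null 2>&1; then
        n=$(ipsec status 2>/dev/null | count_established_ike)
        echo "ipsec: $n established IKE SA(s)"
        if [ "$n" -gt 0 ]; then rc=0; fi
    fi
    if command -v wg >/dev/null 2>&1; then
        hs=$(wg show all latest-handshakes 2>/dev/null || true)
        stale=$(printf '%s\n' "$hs" | stale_wg_peers "$(date +%s)" "$max_age")
        if [ -n "$hs" ] && [ -z "$stale" ]; then
            echo "wireguard: all peers have a recent handshake"; rc=0
        else
            echo "wireguard: no peers, or stale peers:"; echo "$stale"
        fi
    fi
    return "$rc"
}
```

A peer that is idle and has no `PersistentKeepalive` configured will show an old handshake without the tunnel being broken, so tune the threshold to the traffic pattern of the hosts being checked.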