Chapter 6. Securing Container Networks

In this chapter, we will cover the following recipes:

  • Enabling and disabling ICC
  • Disabling outbound masquerading
  • Managing netfilter to Docker integration
  • Creating custom iptables rules
  • Exposing services through a load balancer

Introduction

As you move toward container-based applications, one of the items you'll want to put some serious consideration toward is network security. Containers, in particular, can lead to a proliferation in the number of network endpoints that need to be secured. Granted, not all endpoints are fully exposed to the network. However, those that aren't exposed can still, by default, talk directly to each other, which raises concerns of its own. There are many ways to tackle network security when it comes to container-based applications, and this chapter doesn't aim to address all possible solutions. Rather, it reviews configuration options and relevant network topologies that can be combined in a number of different ways based on your own network security requirements. We'll discuss in detail some features that we were exposed to in earlier chapters, such as ICC mode and outbound masquerading. In addition, we'll cover a couple of different techniques to limit the network exposure of your containers.
