rules/compliance/firewall_cleartext_protocols.yml

title: Cleartext Protocol Usage
id: d7fb8f0e-bd5f-45c2-b467-19571c490d7e
status: stable
description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption
    is used for all sensitive information in transit. Ensure that an encrypted channels is used  for all administrative account access.
author: Alexandr Yampolskyi, SOC Prime
date: 2019/03/26
modified: 2021/11/23
references:
    - https://www.cisecurity.org/controls/cis-controls-list/
    - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
    - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
logsource:
    category: firewall
detection:
    selection1:
        dst_port:
            - 8080
            - 21
            - 80
            - 23
            - 50000
            - 1521
            - 27017
            - 3306
            - 1433
            - 11211
            - 15672
            - 5900
            - 5901
            - 5902
            - 5903
            - 5904
    selection2:
        action:
            - forward
            - accept
            - 2
    condition: selection1 and selection2
falsepositives:
    - Unknown
level: low
# tags:
    # - CSC4
    # - CSC4.5
    # - CSC14
    # - CSC14.4
    # - CSC16
    # - CSC16.5
    # - NIST CSF 1.1 PR.AT-2
    # - NIST CSF 1.1 PR.MA-2
    # - NIST CSF 1.1 PR.PT-3
    # - NIST CSF 1.1 PR.AC-1
    # - NIST CSF 1.1 PR.AC-4
    # - NIST CSF 1.1 PR.AC-5
    # - NIST CSF 1.1 PR.AC-6
    # - NIST CSF 1.1 PR.AC-7
    # - NIST CSF 1.1 PR.DS-1
    # - NIST CSF 1.1 PR.DS-2
    # - ISO 27002-2013 A.9.2.1
    # - ISO 27002-2013 A.9.2.2
    # - ISO 27002-2013 A.9.2.3
    # - ISO 27002-2013 A.9.2.4
    # - ISO 27002-2013 A.9.2.5
    # - ISO 27002-2013 A.9.2.6
    # - ISO 27002-2013 A.9.3.1
    # - ISO 27002-2013 A.9.4.1
    # - ISO 27002-2013 A.9.4.2
    # - ISO 27002-2013 A.9.4.3
    # - ISO 27002-2013 A.9.4.4
    # - ISO 27002-2013 A.8.3.1
    # - ISO 27002-2013 A.9.1.1
    # - ISO 27002-2013 A.10.1.1
    # - PCI DSS 3.2 2.1
    # - PCI DSS 3.2 8.1
    # - PCI DSS 3.2 8.2
    # - PCI DSS 3.2 8.3
    # - PCI DSS 3.2 8.7
    # - PCI DSS 3.2 8.8
    # - PCI DSS 3.2 1.3
    # - PCI DSS 3.2 1.4
    # - PCI DSS 3.2 4.3
    # - PCI DSS 3.2 7.1
    # - PCI DSS 3.2 7.2
    # - PCI DSS 3.2 7.3
Update cleartext_protocols.yml 2019-08-05 19:47:03 +02:00			`title: Cleartext Protocol Usage`
$frack113$ split global cleartext_protocols.yml 2021-09-21 19:56:47 +02:00			`id: d7fb8f0e-bd5f-45c2-b467-19571c490d7e`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`status: stable`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption`
			`is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access.`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`author: Alexandr Yampolskyi, SOC Prime`
			`date: 2019/03/26`
$frack113$ fix field name 2021-11-23 18:47:42 +01:00			`modified: 2021/11/23`
compliance rules by SOC prime 2019-08-05 19:42:19 +03:00			`references:`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`- https://www.cisecurity.org/controls/cis-controls-list/`
			`- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf`
			`- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf`
$frack113$ fix field name 2021-11-23 18:47:42 +01:00			`logsource:`
			`category: firewall`
			`detection:`
			`selection1:`
			`dst_port:`
			`- 8080`
			`- 21`
			`- 80`
			`- 23`
			`- 50000`
			`- 1521`
			`- 27017`
			`- 3306`
			`- 1433`
			`- 11211`
			`- 15672`
			`- 5900`
			`- 5901`
			`- 5902`
			`- 5903`
			`- 5904`
			`selection2:`
			`action:`
			`- forward`
			`- accept`
			`- 2`
			`condition: selection1 and selection2`
			`falsepositives:`
fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00			`- Unknown`
$frack113$ fix field name 2021-11-23 18:47:42 +01:00			`level: low`
$frack113$ Fix invalid tags 2021-08-25 09:15:57 +02:00			`# tags:`
			`# - CSC4`
			`# - CSC4.5`
			`# - CSC14`
			`# - CSC14.4`
			`# - CSC16`
			`# - CSC16.5`
			`# - NIST CSF 1.1 PR.AT-2`
			`# - NIST CSF 1.1 PR.MA-2`
			`# - NIST CSF 1.1 PR.PT-3`
			`# - NIST CSF 1.1 PR.AC-1`
			`# - NIST CSF 1.1 PR.AC-4`
			`# - NIST CSF 1.1 PR.AC-5`
			`# - NIST CSF 1.1 PR.AC-6`
			`# - NIST CSF 1.1 PR.AC-7`
			`# - NIST CSF 1.1 PR.DS-1`
			`# - NIST CSF 1.1 PR.DS-2`
			`# - ISO 27002-2013 A.9.2.1`
			`# - ISO 27002-2013 A.9.2.2`
			`# - ISO 27002-2013 A.9.2.3`
			`# - ISO 27002-2013 A.9.2.4`
			`# - ISO 27002-2013 A.9.2.5`
			`# - ISO 27002-2013 A.9.2.6`
			`# - ISO 27002-2013 A.9.3.1`
			`# - ISO 27002-2013 A.9.4.1`
			`# - ISO 27002-2013 A.9.4.2`
			`# - ISO 27002-2013 A.9.4.3`
			`# - ISO 27002-2013 A.9.4.4`
			`# - ISO 27002-2013 A.8.3.1`
			`# - ISO 27002-2013 A.9.1.1`
			`# - ISO 27002-2013 A.10.1.1`
			`# - PCI DSS 3.2 2.1`
			`# - PCI DSS 3.2 8.1`
			`# - PCI DSS 3.2 8.2`
			`# - PCI DSS 3.2 8.3`
			`# - PCI DSS 3.2 8.7`
			`# - PCI DSS 3.2 8.8`
			`# - PCI DSS 3.2 1.3`
			`# - PCI DSS 3.2 1.4`
			`# - PCI DSS 3.2 4.3`
			`# - PCI DSS 3.2 7.1`
			`# - PCI DSS 3.2 7.2`
$frack113$ fix field name 2021-11-23 18:47:42 +01:00			`# - PCI DSS 3.2 7.3`