title: Cleartext Protocol Usage id: d7fb8f0e-bd5f-45c2-b467-19571c490d7e status: stable description: | Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access. references: - https://www.cisecurity.org/controls/cis-controls-list/ - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf author: Alexandr Yampolskyi, SOC Prime, Tim Shelton date: 2019/03/26 modified: 2022/10/10 # tags: # - CSC4 # - CSC4.5 # - CSC14 # - CSC14.4 # - CSC16 # - CSC16.5 # - NIST CSF 1.1 PR.AT-2 # - NIST CSF 1.1 PR.MA-2 # - NIST CSF 1.1 PR.PT-3 # - NIST CSF 1.1 PR.AC-1 # - NIST CSF 1.1 PR.AC-4 # - NIST CSF 1.1 PR.AC-5 # - NIST CSF 1.1 PR.AC-6 # - NIST CSF 1.1 PR.AC-7 # - NIST CSF 1.1 PR.DS-1 # - NIST CSF 1.1 PR.DS-2 # - ISO 27002-2013 A.9.2.1 # - ISO 27002-2013 A.9.2.2 # - ISO 27002-2013 A.9.2.3 # - ISO 27002-2013 A.9.2.4 # - ISO 27002-2013 A.9.2.5 # - ISO 27002-2013 A.9.2.6 # - ISO 27002-2013 A.9.3.1 # - ISO 27002-2013 A.9.4.1 # - ISO 27002-2013 A.9.4.2 # - ISO 27002-2013 A.9.4.3 # - ISO 27002-2013 A.9.4.4 # - ISO 27002-2013 A.8.3.1 # - ISO 27002-2013 A.9.1.1 # - ISO 27002-2013 A.10.1.1 # - PCI DSS 3.2 2.1 # - PCI DSS 3.2 8.1 # - PCI DSS 3.2 8.2 # - PCI DSS 3.2 8.3 # - PCI DSS 3.2 8.7 # - PCI DSS 3.2 8.8 # - PCI DSS 3.2 1.3 # - PCI DSS 3.2 1.4 # - PCI DSS 3.2 4.3 # - PCI DSS 3.2 7.1 # - PCI DSS 3.2 7.2 # - PCI DSS 3.2 7.3 logsource: category: firewall detection: selection: dst_port: - 8080 - 21 - 80 - 23 - 50000 - 1521 - 27017 - 3306 - 1433 - 11211 - 15672 - 5900 - 5901 - 5902 - 5903 - 5904 selection_allow1: action: - forward - accept - 2 selection_allow2: blocked: "false" # not all fws set action value, but are set to mark as blocked or allowed or not condition: selection and 1 of selection_allow* falsepositives: - Unknown level: low