action: global title: Cleartext Protocol Usage id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f status: stable description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access. author: Alexandr Yampolskyi, SOC Prime date: 2019/03/26 references: - https://www.cisecurity.org/controls/cis-controls-list/ - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf falsepositives: - unknown level: low tags: - CSC4 - CSC4.5 - CSC14 - CSC14.4 - CSC16 - CSC16.5 - NIST CSF 1.1 PR.AT-2 - NIST CSF 1.1 PR.MA-2 - NIST CSF 1.1 PR.PT-3 - NIST CSF 1.1 PR.AC-1 - NIST CSF 1.1 PR.AC-4 - NIST CSF 1.1 PR.AC-5 - NIST CSF 1.1 PR.AC-6 - NIST CSF 1.1 PR.AC-7 - NIST CSF 1.1 PR.DS-1 - NIST CSF 1.1 PR.DS-2 - ISO 27002-2013 A.9.2.1 - ISO 27002-2013 A.9.2.2 - ISO 27002-2013 A.9.2.3 - ISO 27002-2013 A.9.2.4 - ISO 27002-2013 A.9.2.5 - ISO 27002-2013 A.9.2.6 - ISO 27002-2013 A.9.3.1 - ISO 27002-2013 A.9.4.1 - ISO 27002-2013 A.9.4.2 - ISO 27002-2013 A.9.4.3 - ISO 27002-2013 A.9.4.4 - ISO 27002-2013 A.8.3.1 - ISO 27002-2013 A.9.1.1 - ISO 27002-2013 A.10.1.1 - PCI DSS 3.2 2.1 - PCI DSS 3.2 8.1 - PCI DSS 3.2 8.2 - PCI DSS 3.2 8.3 - PCI DSS 3.2 8.7 - PCI DSS 3.2 8.8 - PCI DSS 3.2 1.3 - PCI DSS 3.2 1.4 - PCI DSS 3.2 4.3 - PCI DSS 3.2 7.1 - PCI DSS 3.2 7.2 - PCI DSS 3.2 7.3 --- logsource: product: netflow detection: selection: destination.port: - 8080 - 21 - 80 - 23 - 50000 - 1521 - 27017 - 1433 - 11211 - 3306 - 15672 - 5900 - 5901 - 5902 - 5903 - 5904 condition: selection --- logsource: category: firewall detection: selection1: destination.port: - 8080 - 21 - 80 - 23 - 50000 - 1521 - 27017 - 3306 - 1433 - 11211 - 15672 - 5900 - 5901 - 5902 - 5903 - 5904 selection2: action: - forward - accept - 2 condition: selection1 AND selection2