Analytics Story: Use of Cleartext Protocols

Description

Leverage searches that detect the use of cleartext network protocols that may leak credentials, or that carry traffic which should otherwise be encrypted.

Why it matters

Various legacy protocols operate in the clear by default, without the protections of encryption. Anyone able to passively sniff the network traffic can therefore read what they carry. Depending on the protocol, this information may itself be highly sensitive, or it may be enough to hijack an established session. These protocols also transmit authentication data in the clear, so an attacker can harvest usernames and passwords from the wire and reuse them to authenticate to, and compromise, other systems.

Detections

Name | Technique | Type
Protocols passing authentication in cleartext | None | TTP
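The following is an added example, not the story's own search or any code from the Splunk Security Content project. It shows, over constructed Zeek-style connection events, what the detection above looks for (TCP connections to ports whose default protocol authenticates in cleartext) and why it matters (the credentials can be harvested straight from the captured payload). The port-to-protocol map, the exclusion of anonymous FTP logins, the login patterns, and all sample events are assumptions made for this illustration; the telnet parsing in particular ignores option negotiation and per-character echo, which a real passive sniffer would have to reassemble.

```python
import base64
import re

# Destination ports whose default protocol sends authentication in the clear.
# This map is an assumption for the example, not a list taken from the page.
CLEARTEXT_AUTH_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}

# Login patterns: FTP/POP3 USER and PASS commands, the IMAP LOGIN command,
# simplified telnet prompts, and the HTTP Basic Authorization header.
USER_RE = re.compile(r"^USER\s+(\S+)", re.MULTILINE | re.IGNORECASE)
PASS_RE = re.compile(r"^PASS\s+(\S+)", re.MULTILINE | re.IGNORECASE)
IMAP_LOGIN_RE = re.compile(r'^\S+\s+LOGIN\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?',
                           re.MULTILINE | re.IGNORECASE)
TELNET_LOGIN_RE = re.compile(r"login:\s*(\S+)", re.IGNORECASE)
TELNET_PASS_RE = re.compile(r"password:\s*(\S+)", re.IGNORECASE)
BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)",
                      re.MULTILINE | re.IGNORECASE)

# Constructed sample events (not real captures): one record per connection,
# with the client-to-server payload attached for the harvesting step.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "dest": "10.0.0.20", "dest_port": 21, "transport": "tcp",
     "payload": "USER alice\r\nPASS hunter2\r\n"},
    {"src": "10.0.0.5", "dest": "10.0.0.21", "dest_port": 21, "transport": "tcp",
     "payload": "USER anonymous\r\nPASS guest@example.com\r\n"},
    {"src": "10.0.0.7", "dest": "10.0.0.30", "dest_port": 110, "transport": "tcp",
     "payload": "USER bob\r\nPASS s3cret\r\n"},
    {"src": "10.0.0.8", "dest": "10.0.0.40", "dest_port": 80, "transport": "tcp",
     "payload": "GET /admin HTTP/1.1\r\nHost: intranet\r\n"
                "Authorization: Basic Y2Fyb2w6cGFzc3dvcmQxMjM=\r\n\r\n"},
    {"src": "10.0.0.9", "dest": "10.0.0.50", "dest_port": 443, "transport": "tcp",
     "payload": "\x16\x03\x01\x02\x00\x01\x00\x01\xfc"},   # TLS ClientHello, opaque
    {"src": "10.0.0.9", "dest": "10.0.0.51", "dest_port": 23, "transport": "tcp",
     "payload": "login: dave\r\nPassword: letmein\r\n"},
    {"src": "10.0.0.9", "dest": "10.0.0.52", "dest_port": 143, "transport": "tcp",
     "payload": 'a001 LOGIN erin "Tr0ub4dor"\r\n'},
    {"src": "10.0.0.9", "dest": "10.0.0.53", "dest_port": 53, "transport": "udp",
     "payload": ""},
]


def extract_credentials(protocol, payload):
    """Return (user, password) if the payload carries a cleartext login, else None."""
    if protocol in ("ftp", "pop3"):
        u, p = USER_RE.search(payload), PASS_RE.search(payload)
        if u and p:
            return u.group(1), p.group(1)
    elif protocol == "imap":
        m = IMAP_LOGIN_RE.search(payload)
        if m:
            return m.group(1), m.group(2)
    elif protocol == "telnet":
        u, p = TELNET_LOGIN_RE.search(payload), TELNET_PASS_RE.search(payload)
        if u and p:
            return u.group(1), p.group(1)
    elif protocol == "http":
        m = BASIC_RE.search(payload)
        if m:
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
            except ValueError:          # binascii.Error is a ValueError subclass
                return None
            user, _, password = decoded.partition(":")
            return user, password
    return None


def is_cleartext_auth_connection(event):
    """Filter a detection would apply: TCP to a cleartext-auth port. Anonymous
    FTP is excluded as a tuning assumption, since it carries no real secret."""
    if event.get("transport") != "tcp":
        return False
    protocol = CLEARTEXT_AUTH_PORTS.get(event.get("dest_port"))
    if protocol is None:
        return False
    if protocol == "ftp":
        m = USER_RE.search(event.get("payload", ""))
        if m and m.group(1).lower() == "anonymous":
            return False
    return True


def detect_cleartext_auth(events):
    """Run the filter over events and return one finding per hit, including
    whatever credentials a passive sniffer could pull from the payload."""
    findings = []
    for ev in events:
        if not is_cleartext_auth_connection(ev):
            continue
        protocol = CLEARTEXT_AUTH_PORTS[ev["dest_port"]]
        creds = extract_credentials(protocol, ev.get("payload", ""))
        findings.append({
            "src": ev["src"], "dest": ev["dest"], "dest_port": ev["dest_port"],
            "protocol": protocol,
            "user": creds[0] if creds else None,
            "password": creds[1] if creds else None,
        })
    return findings


if __name__ == "__main__":
    for f in detect_cleartext_auth(SAMPLE_EVENTS):
        print(f"{f['protocol']:6} {f['src']} -> {f['dest']}:{f['dest_port']} "
              f"user={f['user']} password={f['password']}")
```

Run as a script, it lists five hits (FTP, POP3, HTTP, telnet, IMAP) with the recovered usernames and passwords, while the TLS, anonymous-FTP and DNS records are ignored. In a real deployment the filter half is what the search engine does over network-traffic data; the harvesting half is what the adversary does with a span port, and is included only to make the exposure concrete.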

Data Sources

Name | Platform | Sourcetype | Source
No data sources are listed for this story.

References


Source: GitHub | Version: 1