Stop Sending Sensitive Data with Cleartext Protocols
Cleartext protocols, like Hyper Text Transfer Protocol (HTTP), Telnet, and File Transfer Protocol (FTP) do not use any sort of encryption to protect the data being sent over them. For the most part, this is ok, as not every web page or file that is shared needs to be protected in that manner. If you are looking at a page on Wikipedia, then it is understandable that there is no encryption on that page, as the information is readily available for everyone to look at. But logging into the admin console of your website is definitely not something you want to share with everyone else. Cleartext protocols allow threat actors to sniff network traffic and see everything in plain writing. If that network packet happens to be you logging into your web admin portal, then that means your username and password are more visible to the threat actor then they…