Unencrypted HTTP basic authentication not flagged as a risk/threat?
I was doing a side-by-side comparison of various IDS/IPS sensors, including an inline Suricata sensor, as well as my PAN firewall. Suricata throws an alert if it detects that an HTTP Basic Authentication event crosses the sensor over an unencrypted connection, but the PAN firewall doesn't. This should throw an alert of some kind, as HTTP Basic A...




