
Cleartext Protocol Usage

Sigma Rules

Summary
This rule detects the use of unencrypted cleartext protocols over the network, which can expose usernames and authentication credentials to anyone able to observe the traffic. Detection is based on network connections to destination ports commonly associated with unencrypted protocols, such as FTP (port 21), HTTP (port 80) and Telnet (port 23), together with various database and administrative ports. The goal is to confirm that account usernames and authentication credentials are only transmitted over encrypted channels, reducing the risk of credential theft. Only traffic that the firewall allowed (actions such as forward or accept, not blocked) is evaluated, since blocked connections never carried the credentials across the boundary. The rule is assigned a low severity level: a match shows that a cleartext channel is in use and should be reviewed, but not by itself that credentials were exposed.
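The logic described in the summary, written out as an added example (this is not the Sigma rule's own code or its backend implementation). It applies the two conditions the summary names, an allowed action and a destination port on the cleartext list, to firewall records. The key=value log format, the field names (action, src_ip, dst_ip, dst_port) and the sample lines are constructed for the example; the port list holds only the three ports the summary names explicitly (21, 23, 80), so a real deployment would extend it with the database and administrative ports from the rule source.

```python
"""Cleartext-protocol detection over firewall log lines (added example).

Assumptions, labelled here and in the comments: the log format, field names and
the sample records are constructed; the port list is the subset named on the page.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Ports the summary names explicitly: FTP (21), Telnet (23), HTTP (80).
# The rule source lists further database/administrative ports; extend as needed.
CLEARTEXT_PORTS: frozenset[int] = frozenset({21, 23, 80})

# Firewall actions the summary treats as "allowed" traffic. Records with any
# other action (deny, drop, block, ...) never match, which implements the
# "not blocked" condition.
ALLOWED_ACTIONS: frozenset[str] = frozenset({"forward", "accept"})


@dataclass(frozen=True)
class FirewallEvent:
    action: str
    src_ip: str
    dst_ip: str
    dst_port: int


def parse_event(line: str) -> FirewallEvent | None:
    """Parse one key=value firewall record (assumed format). Returns None for
    malformed or incomplete lines so a bad record cannot abort the whole scan."""
    fields: dict[str, str] = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    try:
        return FirewallEvent(
            action=fields["action"].lower(),
            src_ip=fields["src_ip"],
            dst_ip=fields["dst_ip"],
            dst_port=int(fields["dst_port"]),
        )
    except (KeyError, ValueError):
        return None


def is_cleartext_protocol_usage(event: FirewallEvent) -> bool:
    """The rule's condition: allowed traffic to a known cleartext-protocol port."""
    return event.action in ALLOWED_ACTIONS and event.dst_port in CLEARTEXT_PORTS


def find_matches(lines: Iterable[str]) -> list[FirewallEvent]:
    """Return every parseable record that satisfies the rule."""
    matches: list[FirewallEvent] = []
    for line in lines:
        event = parse_event(line)
        if event is not None and is_cleartext_protocol_usage(event):
            matches.append(event)
    return matches


# Constructed sample log (documentation IP ranges, not real hosts).
SAMPLE_LOG = [
    "action=accept src_ip=10.0.0.5 dst_ip=203.0.113.10 dst_port=80 proto=tcp",   # HTTP, allowed -> match
    "action=forward src_ip=10.0.0.7 dst_ip=198.51.100.4 dst_port=21 proto=tcp",  # FTP, allowed -> match
    "action=accept src_ip=10.0.0.5 dst_ip=203.0.113.10 dst_port=443 proto=tcp",  # HTTPS -> no match
    "action=deny src_ip=10.0.0.9 dst_ip=192.0.2.20 dst_port=23 proto=tcp",       # Telnet but blocked -> no match
    "garbage line without fields",                                                # malformed -> skipped
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_LOG):
        print(f"cleartext protocol usage: {hit.src_ip} -> {hit.dst_ip}:{hit.dst_port} ({hit.action})")
```

Running the block reports the HTTP and FTP records and nothing else. Note that the match is purely port-based: traffic to port 80 is not proof that a credential crossed the wire, which is consistent with the rule's low severity, so matches are best used as an inventory of cleartext channels to remediate rather than as standalone alerts.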
Categories
  • Network
  • Cloud
  • On-Premise
Data Sources
  • Firewall
Created: 2019-03-26