The following table maps defenses to examples of threats that they parry.
This matrix can help you decide whether you need to configure specific defenses. Consult this table if you decide NOT to configure a defense -- make sure that you are still shielded from the corresponding threats.
Defense | Damages | Attackers | Techniques | Vulnerabilities |
---|---|---|---|---|
SSL/TLS | Theft and corruption | Insiders and outsiders | Man-in-the middle, eavesdropping, physical access | Network JDBC, cleartext traffic |
Encryption | Theft and corruption | Chiefly insiders | Physical access | Open source |
Authentication | Theft, corruption, denial of service | Insiders and outsiders | Probing | Superusers |
Coarse-grained authorization | Theft, corruption, denial of service | Insiders and outsiders | Probing | Superusers |
Fine-grained SQL authorization | Theft, corruption, denial of service | Insiders and outsiders | Probing | Superusers |
Firewalls | Theft, corruption, denial of service | Insiders and outsiders | Probing | Network JDBC |
Accounts | Theft, corruption, denial of service | Insiders | Man-in-the-middle, malware, physical access | Launch privileges, user code |
Physical locks | Theft, corruption, denial of service | Insiders | Man-in-the-middle, malware, physical access | Launch privileges, user code |
Secure traffic | Theft and corruption | Insiders | Man-in-the-middle, eavesdropping | Cleartext traffic |
File permissions | Theft, corruption, denial of service | Insiders and outsiders | Malware | Launch privileges, user code, open source |