The following table maps defenses to examples of threats that they parry.
This matrix can help you decide whether you need to configure specific defenses. Consult this table if you decide NOT to configure a defense -- make sure that you are still shielded from the corresponding threats.
| Defense | Damages | Attackers | Techniques | Vulnerabilities |
|---|---|---|---|---|
| Java security | Theft, corruption, denial of service | Insiders and outsiders | Malware, physical access | Network JDBC, unbounded growth, CPU hogging, launch privileges, user code, open source |
| SSL/TLS | Theft and corruption | Insiders and outsiders | Man-in-the middle, eavesdropping, physical access | Network JDBC, cleartext traffic |
| Encryption | Theft and corruption | Chiefly insiders | Physical access | Open source |
| Authentication | Theft, corruption, denial of service | Insiders and outsiders | Probing | Superusers |
| Coarse-grained authorization | Theft, corruption, denial of service | Insiders and outsiders | Probing | Superusers |
| Fine-grained SQL authorization | Theft, corruption, denial of service | Insiders and outsiders | Probing | Superusers |
| Firewalls | Theft, corruption, denial of service | Insiders and outsiders | Probing | Network JDBC |
| Accounts | Theft, corruption, denial of service | Insiders | Man-in-the-middle, malware, physical access | Launch privileges, user code |
| Physical locks | Theft, corruption, denial of service | Insiders | Man-in-the-middle, malware, physical access | Launch privileges, user code |
| Secure traffic | Theft and corruption | Insiders | Man-in-the-middle, eavesdropping | Cleartext traffic |
| File permissions | Theft, corruption, denial of service | Insiders and outsiders | Malware | Launch privileges, user code, open source |