How to Determine Risk Level of Application, Spyware, and Anti-Virus

by jnguyen on 05-21-2009 01:55 PM - edited on 08-18-2015 02:55 PM by jbrowning1 (14,671 Views)

Shown below is the matrix used to determine the risk level of threats, spyware, and anti-virus.

Technology

| Technology | Description |
|---|---|
| network-protocol | An application generally used for system-to-system communication that facilitates network operation. This includes most of the IP protocols. |
| client-server | An application that uses a client-server model, where one or more clients communicate with a server in the network. |
| peer-to-peer | An application that communicates directly with other clients to transfer information instead of relying on a central server to facilitate the communication. |
| browser-based | An application that relies on a web browser to function. |

Characteristics

| Characteristic | Description |
|---|---|
| Capable of File Transfer | Has the capability to transfer a file from one system to another over a network. A streaming app that has no mechanism to transfer files other than the video or audio stream itself should not be flagged as able to transfer files. |
| Used by Malware | Malware has been known to use the app for propagation, attack, or data theft, or the app is distributed with malware. |
| Excessive Bandwidth Use | Consumes at least 1 Mbps on a regular basis through normal use. |
| Evasive | Uses a port or protocol for something other than its originally intended purpose, with the hope that it will traverse a firewall. |
| Pervasive | Likely has more than 1,000,000 users. |
| Known Vulnerabilities | Has a publicly reported vulnerability. For web-based apps, this should also be set to yes, as HTTP always has vulnerabilities. |
| Prone to Misuse | Often used for nefarious purposes, or is easily set up to expose more than the user intended. |
| Tunnels Other Apps | Is able to transport other applications inside its protocol. |
| File-type ident | Should be set if the app can upload or download a file type over a decodable protocol (e.g. HTTP). |
| Spyware-ident | Should be set if the app can upload or download an executable file over a decodable protocol. |
| Virus-ident | Same as spyware-ident. |
| Vulnerability-ident | For web-based apps, vulnerability-ident should always be yes, since they use HTTP and HTTP always has some vulnerabilities. |
| deny-action | For web-based apps, deny-action should be set to drop-reset (unless the app has issues receiving a TCP reset). |

Risk Calculation

Weights

| Characteristic | Factor |
|---|---|
| Evasive | 3 |
| Excessive Bandwidth Use | 1 |
| Used by Malware | 4 |
| Capable of File Transfer | 3 |
| Known Vulnerabilities | 3 |
| Tunnels Other Apps | 2 |
| Prone to Misuse | 2 |
| Pervasive | 1 |
| Total | 19 |

Risk Assignment

| Risk | Range |
|---|---|
| 1 | 0–3 |
| 2 | 4–6 |
| 3 | 7–9 |
| 4 | 10–13 |
| 5 | 14+ |
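The calculation described by the Weights and Risk Assignment tables, carried through end to end as an added example (this is illustrative code written for this page, not part of the original article or of any vendor product). Only the weights, the 19-point total and the score-to-risk bands come from the tables above; the characteristic key names, the helper functions and the three sample applications are constructed for the example. It also applies the rule from the Characteristics table that a browser-based app is always flagged with Known Vulnerabilities, and rejects characteristic names that are not in the weight table so a typo cannot silently lower a score.

```python
"""Worked example of the application risk calculation described on this page.

Constructed for illustration: the characteristic keys, helper names and the
sample applications are assumptions. The weights and the risk bands are
taken from the page's Weights and Risk Assignment tables.
"""
from typing import Iterable, Mapping

# Weight of each characteristic (the "Factor" column of the Weights table).
WEIGHTS: Mapping[str, int] = {
    "evasive": 3,
    "excessive_bandwidth_use": 1,
    "used_by_malware": 4,
    "capable_of_file_transfer": 3,
    "known_vulnerabilities": 3,
    "tunnels_other_apps": 2,
    "prone_to_misuse": 2,
    "pervasive": 1,
}
MAX_SCORE = sum(WEIGHTS.values())  # 19, matching the table's Total row

# Score bands from the Risk Assignment table: (lowest score, highest score, risk).
# Anything at or above TOP_RISK_FLOOR (the "14+" row) is risk 5.
RISK_BANDS = ((0, 3, 1), (4, 6, 2), (7, 9, 3), (10, 13, 4))
TOP_RISK = 5
TOP_RISK_FLOOR = 14


def normalize_characteristics(technology: str, characteristics: Iterable[str]) -> set[str]:
    """Validate the flags and apply the page's rule that browser-based (web-based)
    apps always carry Known Vulnerabilities because they ride on HTTP."""
    flags = set(characteristics)
    unknown = flags - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown characteristic(s): {sorted(unknown)}")
    if technology == "browser-based":
        flags.add("known_vulnerabilities")
    return flags


def risk_score(characteristics: Iterable[str]) -> int:
    """Sum the weights of every characteristic that is set (each counted once)."""
    return sum(WEIGHTS[c] for c in set(characteristics))


def risk_level(score: int) -> int:
    """Map a weighted score onto the 1..5 risk scale from the Risk Assignment table."""
    if not 0 <= score <= MAX_SCORE:
        raise ValueError(f"score {score} outside 0..{MAX_SCORE}")
    for low, high, risk in RISK_BANDS:
        if low <= score <= high:
            return risk
    return TOP_RISK  # score >= TOP_RISK_FLOOR


def assess(technology: str, characteristics: Iterable[str]) -> tuple[int, int]:
    """Return (weighted score, risk level) for one application."""
    flags = normalize_characteristics(technology, characteristics)
    score = risk_score(flags)
    return score, risk_level(score)


# Constructed sample applications; these are not real App-ID entries.
SAMPLE_APPS = {
    "example-p2p-filesharing": ("peer-to-peer", [
        "evasive", "excessive_bandwidth_use", "used_by_malware",
        "capable_of_file_transfer", "known_vulnerabilities",
        "prone_to_misuse", "pervasive",
    ]),
    # Pure audio/video streaming is not "capable of file transfer" per the
    # Characteristics table; being browser-based forces known_vulnerabilities on.
    "example-web-video": ("browser-based", ["excessive_bandwidth_use", "pervasive"]),
    # A quiet internal client-server protocol with no characteristics set.
    "example-internal-sync": ("client-server", []),
}

if __name__ == "__main__":
    for name, (tech, flags) in SAMPLE_APPS.items():
        score, risk = assess(tech, flags)
        print(f"{name:26s} {tech:14s} score={score:2d}/{MAX_SCORE} risk={risk}")
```

Running the block prints a score of 17 (risk 5) for the constructed file-sharing app, 5 (risk 2) for the browser-based streaming app once the forced Known Vulnerabilities weight is added, and 0 (risk 1) for the internal protocol. Note that the bands are contiguous integer ranges, so every score from 0 to 19 maps to exactly one risk level; the only way to fall through is to pass a score outside that range, which the code treats as an error rather than guessing.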

owner: jnguyen

Comments
by tmaeda
on 09-30-2014 09:53 PM

This is not an explanation of 'Risk Level of Threat'.

This is an explanation of Risk Level of Application.

The subject should be revised.
