Below is the table used to determine the risk level for threats, spyware, and anti-virus. You can calculate risk levels using this table. I am presenting it as-is so that its original structure is preserved.
Technology
| Technology | Description |
|---|---|
| network-protocol | An application that is generally used for system to system communication that facilitates network operation. This includes most of the IP protocols. |
| client-server | An application that uses a client-server model where one or more clients communicate with a server in the network. |
| peer-to-peer | An application that communicates directly with other clients to transfer information instead of relying on a central server to facilitate the communication. |
| browser-based | An application that relies on a web browser to function. |
Characteristics
| Characteristic | Description |
|---|---|
| Capable of File Transfer | Likely has more than 1,000,000 users. Has the capability to transfer a file from one system to another over a network. A streaming app that has no other mechanism to transfer files other than the video or audio streaming should not be flagged as able to transfer files. |
| Used by Malware | Malware has been known to use the app for propagation, attack, or data theft, or is distributed with malware. |
| Excessive Bandwidth Use | Consumes at least 1 Mbps on a regular basis through normal use. |
| Evasive | Uses a port or protocol for something other than its originally intended purpose with the hope that it will traverse a firewall. |
| Pervasive | Likely has more than 1,000,000 users. |
| Known Vulnerabilities | Has publicly reported vulnerabilities. For web-based apps, it should also be set to yes, as HTTP always has vulnerabilities. |
| Prone to Misuse | Often used for nefarious purposes or is easily set up to expose more than the user intended. |
| Tunnels Other Apps | Is able to transport other applications inside its protocol. |
| File-type ident | Should be set if app can upload or download a file-type over a decodable protocol (e.g. http). |
| Spyware-ident | Should be set if the app can upload or download an executable file over a decodable protocol. |
| Virus-ident | Same as spyware ident. |
| Vulnerability-ident | For web-based apps, the vulnerability-ident should always be yes, since they are http and http always has some vulnerabilities. |
| deny-action | For web-based apps, deny-action should be set to drop-reset (unless there are some issues with the app receiving tcp-reset). |
Risk Calculation
Weights
| Characteristic | Factor |
|---|---|
| Evasive | 3 |
| Excessive Bandwidth Use | 1 |
| Used by Malware | 4 |
| Capable of File Transfer | 3 |
| Known Vulnerabilities | 3 |
| Tunnels Other Apps | 2 |
| Prone to Misuse | 2 |
| Pervasive | 1 |
| Total | 19 |
Risk Assignment
| Risk | Range |
|---|---|
| 1 | 0–3 |
| 2 | 4–6 |
| 3 | 7–9 |
| 4 | 10–13 |
| 5 | 14+ |
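The calculation described by the Weights and Risk Assignment tables, as an added example that is not part of the original page: the score is the sum of the factors of the characteristics that apply, and the score is then mapped to a risk of 1 to 5. The application profiles and function names are constructed for illustration, and treating the four "-ident" flags as carrying no factor is an assumption based on their absence from the Weights table.

```python
# Factors copied from the "Weights" table on this page.
WEIGHTS = {
    "Evasive": 3,
    "Excessive Bandwidth Use": 1,
    "Used by Malware": 4,
    "Capable of File Transfer": 3,
    "Known Vulnerabilities": 3,
    "Tunnels Other Apps": 2,
    "Prone to Misuse": 2,
    "Pervasive": 1,
}
assert sum(WEIGHTS.values()) == 19  # matches the table's "Total" row

# Listed under Characteristics but absent from the Weights table, so
# they are accepted and contribute nothing (assumption of this example).
UNWEIGHTED = {"File-type ident", "Spyware-ident", "Virus-ident",
              "Vulnerability-ident"}

# (risk, lowest score of its range) from "Risk Assignment", highest first.
RISK_FLOORS = [(5, 14), (4, 10), (3, 7), (2, 4), (1, 0)]


def risk_score(characteristics):
    """Sum the factors of the characteristics that apply to an app."""
    traits = set(characteristics)  # a repeated name is counted once
    unknown = traits - WEIGHTS.keys() - UNWEIGHTED
    if unknown:
        raise ValueError(f"unknown characteristic(s): {sorted(unknown)}")
    return sum(WEIGHTS[t] for t in traits if t in WEIGHTS)


def risk_level(score):
    """Map a score (0..19) to the risk value 1..5."""
    if not 0 <= score <= sum(WEIGHTS.values()):
        raise ValueError(f"score out of range: {score}")
    return next(risk for risk, floor in RISK_FLOORS if score >= floor)


def assess(characteristics):
    score = risk_score(characteristics)
    return score, risk_level(score)


# Constructed sample profiles, not taken from any vendor database.
SAMPLE_APPS = {
    "sample-p2p": ["Evasive", "Excessive Bandwidth Use", "Used by Malware",
                   "Capable of File Transfer", "Prone to Misuse", "Pervasive"],
    "sample-webmail": ["Capable of File Transfer", "Known Vulnerabilities",
                       "Pervasive", "File-type ident", "Vulnerability-ident"],
    "sample-ntp": ["Known Vulnerabilities"],
}
```

Calling `assess(SAMPLE_APPS["sample-p2p"])` returns the pair (score, risk), which makes it easy to see how a single high-factor characteristic such as "Used by Malware" moves an application across a range boundary.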