Attack Vectors

The Cyber Security Division uses the attack vector technique – of which there are several, depending on the device for which the service is intended – to simulate the activities of a threat agent that accesses an IT system in an unauthorised manner.

Some of the attack vectors used are listed below:

  • Infrastructure: IP, VPN, Wi-Fi, SCADA, etc.
  • Applications: Web, Database, Client-Server, etc.
  • Telephony: PBX, RAS, APN, BlackBerry, VoIP, etc.
  • Others: Human, Physical, Videosorveglianza, Biometria, etc.

In some cases we prefer to run tests from a privileged position, using standard access credentials, to evaluate the possibility of circumventing the authentication and authorisation mechanisms in use.