The Cyber Security Division uses the attack vector technique – of which there are several, depending on the device for which the service is intended – to simulate the activities of a threat agent that accesses an IT system in an unauthorised manner.
Some of the attack vectors used are listed below:
- Infrastructure: IP, VPN, Wi-Fi, SCADA, etc.
- Applications: Web, Database, Client-Server, etc.
- Telephony: PBX, RAS, APN, BlackBerry, VoIP, etc.
- Others: Human, Physical, Videosorveglianza, Biometria, etc.
In some cases we prefer to run tests from a privileged position, using standard access credentials, to evaluate the possibility of circumventing the authentication and authorisation mechanisms in use.