Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Chapter 12. Attacking Smart Meters > Endnotes - Pg. 231

Endnotes 231 OSSTMM's Tandem approach, and Red Teaming is equitable to OSSTMM's Blind approach. An attackers approach will almost always most closely align with OSSTMM's Double Blind approach. Finally, the Penetration Testing section of NIST 800-42 describes their Four Stage Penetration Testing Methodology. These four stages (planning, discovery, attack, and reporting) are similar to each of the larger methodologies outlined in this chapter. However, this specific methodology emphasizes that once an attacker has successfully compromised a vulnerable system, the methodology reverts to the discovery phase as the attacker determines if they can discover any additional information or systems that were previously inaccessible. Attackers will definitely want to ensure that the utility companies or smart meter manufacturers are unaware of their testing activities. Similarly, attackers' security testing plan should incorporate additional discovery if and when they compromise the smart meter, as it may give them access to information and systems they had not originally thought would be available. SUMMARY