3.2. Conducting Site Exploration

No matter how you gain access to a target facility, be sure not to outstay your welcome. The risk of getting caught becomes exponentially higher the longer you stay on site. This is not to say that you should rush. Rushing is just as risky, but you should have a well-thought-out and flexible plan and know in advance what you're looking for. Sometimes this is not possible or the Rules of Engagement are deliberately vague and you have to do a little exploration. The following areas may be of interest to a penetration tester.

3.2.1. Reception (Is Not Security)

Sometimes it seems like it's all about reception. The purpose of reception is not security; that's very much a secondary function. Reception's main function is to welcome visitors and provide a face to the building. Who sees that face depends completely on the nature of the company, but it usually includes clients, salesmen, contractors and delivery men. It goes without saying that these groups are treated in very different ways.