The purpose of accessing the building is to get access to sensitive data as part of the penetration test. Once you are past the perimeter access controls of the building, you have to discover your way to a location where you can work undisturbed or locate assets you want to physically remove from the building. Both way, you’ll likely go into the building without knowing the floor plan or where specific assets are found. Walking blindly around searching for a site to work is the most challenging part of the physical intrusion process. It’s also when you’re most likely to be detected or confronted.
Unless your goal is to get backup tapes or paper, you will probably want access to the data network. A good place to get that access is in a conversation room, as most of them have data network ports available. An organization that is following industry best practices will have the data ports in their conversation rooms on a guest network that is not directly connected to the main local area network (LAN). But if this is the case, you can still use the conversation room as a base of operations while you try to obtain access to the data network.
