From: Tommy Thomas
Sent: Tuesday, January 7, 2014 2:55 PM
To: ‘dan.mclane@coeurgroup.com’
Subject: FW: Non-City Person in Break Room Afterhours
Importance: High

Here’s a good one that is in reference to what we were discussing earlier about physical security and access to the network ports in conference rooms.

Thank-you,
Tommy Thomas MCP, Network+, Security+, C|EH, MCSA, MCSE
Network Systems Administrator City of Ocala IT Division
110 SE Watula Ave.
Ocala, FL 34471
352.401.3928

From: Tommy Thomas
Sent: Monday, July 11, 2011 9:00 AM
To: Shawn Hoff
Subject: Non-City Person in Break Room Afterhours
Importance: High

Shawn,
Friday night when I was here late, I found a person, not a city employee, in our break room working on a laptop. I asked if he was a city employee. He said that he was the trainer, and he was waiting for traffic to die down before leaving for Tampa. I told him politely that the traffic is fine now. I informed him that all the doors are locked in the building and he may not be able to get back to the training room if he goes to the bathroom. He stated that he was aware as he found that out the first time he stayed late. He left shortly after I confronted him. I stayed until he left. This guy is apparently the trainer for Winsome’s group training last week.

Problem I have is: Why would anyone in IT allow a non-city person, complete access to our internal network for an undetermined amount of time FOR SEVERAL DAYS IN A ROW? We rely heavily on physical security, and this guy has internal network ports in the break room. He could have been enumerating our INTERNAL network and brute-forcing all our servers AND Arnie’s network switches for more than an hour before I found him at around 6 p.m. On top of that, apparently he is some sort of MSSQL guru, so then he could have been mining all our SQL servers and databases. This is extremely serious in my opinion since he could now have a complete internal network map of our servers AND Arnie’s switched network, to include SCADA.

On top of that, nobody knows who this guy is, he could be a sexual deviant who preys on windows of opportunity. There are many females in the building that would have been unaware of his presence coming down that back stairwell.

It’s just stupid to allow that to happen without a second thought. Something needs to be done about this.

Thank-you,
Tommy Thomas MCP, Network+, Security+, C|EH, MCSA, MCSE
Network Systems Administrator
City of Ocala IT Division
151 SE Osceola Ave.
Ocala, FL 34471
352.629.8238