A good IDS (intrusion detection system) can cut down a lot of the tricks mentioned, or at least alert the proper IT staff of the rogue activity. A good IT department may also have “sniffers” running on the network. Such activity can also be easily found by a search of the sniffer logs, and such activity can be reported to the proper personnel. Having a firewall(s) that log ALL perimeter activity to a syslog server, where activity can be analyzed, can also be used to detect rogue activity. The trick is having an IT department with enough staff to bother with such things, and I bet that’s a small percentage. At most companies, I’d wager that no one looks for such things until after the fact when there has been a problem or security breach.
Personally, I don’t care what our users do on the internet, as long as they aren’t screwing something up. If someone is a repeat offender, they have their access privileges removed.
Corporations are pikers compared to universities. We get hammered constantly from inside and outside the wire. You install a new PC with the cable connected and you will get infected. It’s guaranteed. If the firewall is down, you are doomed.
We have guys who do nothing but isolate infected machines and watch for bad traffic.