I have a question. Re-reading that last entry brings to mind one of the big advantages to working in a smaller office. I can document and know everything that goes on my network. You give me an IP address and within a minute I can tell you who's PC that is, what's installed on it and what peripherals they have access to. Another minute and I can print you out a full history of helpdesk issues we've had with that PC, the serial number and even the Windows OEM serial number.
Having all of this information readily available to me, and, in some cases, available off the top of my head, makes it very hard for someone to sneak anything by me. It means that I know and understand exactly where the vulnerable points in the network are, and how to protect them. It means that I know exactly what's been patched, what's been updated and what hasn't. (This is also true of our membership database, I know it inside out as well, but that's unimportant to the question at hand.)
My question is for those of you who work in huge enterprise-level IT, how do you do it? Do you have the same level of understanding of your network, is it segmented out and each of the network admins have this level of knowledge about their segment? Or do you just sort of hope that no one is sneaking in a wireless AP,for example,knowing that eventually it'll be found out? [Life of a one-man IT department]