This can be prevented but I guess it's not easy.
Where I work security seems to actually be taken seriously and this problem shouldn't be able to occur (or at least it would require a lot more effort).
For a kick off, there are no WiFi passwords as only WPA2-Enterprise with pre-shared keys is supported.
For physical connections, if your device's MAC address isn't in the data base then the port doesn't activate at all. I guess you could try changing the MAC address to get round this.
If you try to connect your own switch onto the end of the network then this is detected and again the port doesn't activate.
All of the switches are in locked rooms or secure cabinets and you can't have your own local switch even if it is supplied by corporate IT. I recently wanted to connect a dozen pieces of lab test equipment (which will all need to be registered and approved, obviously) but wasn't allowed to have even a corporate approved switch on my test bench. Instead, IT installed a dozen more RJ45 sockets on the wall running back to the secure network cabinet in the corner of the room.
We have working from home, but only via corporate supplied laptops which will only connect via the corporate VPN. Only approved USB devices will activate if you try to plug them in.
I have no doubt that this all costs an awful lot of money and a great deal of inconvenience so I'm not surprised that most enterprises fall far short of this standard.
Biting the hand that feeds IT
