Well, maybe I’ll get a great refund in in 2009

Apparently the IRS just realized that they had about 1,800 unauthorized web servers attached to their corporate network!!! Now I’m glad to hear that their CIO is working to get them removed, but sounds to me this is a great opportunity for them to implement a domain isolation model using IPsec. Now you know I’m a friend of the US GOV, and I bring this issue up to raise the following point:

Do you know how many unauthorized web servers, file servers, etc. exist on YOUR network?

If so, how do you identify them and more importantly how do you mitigate the risk this presents? Yes, you can threaten and write policies, but at the end of the day, you can only protect what you can enforce. What solutions are those of you in the field using?