Former Member
September 12th, 2003, 12:01
I know this isn't IDS, though the subjects are related. How do you try to prevent users from dismissing network security? Like the user who disconnects from the network to use their personal 56k account.
I've been thinking about this for a while; the best I can come up with is a ping every half hour to every address possible. Then compare the log to a list of known 'friendly' IPs.
Anyone got any better ideas?

soup4you2
September 12th, 2003, 12:46
remove the modems...?

frisco
September 12th, 2003, 13:14
You could remove the modems and/or the analog phone lines, but I can then use my cell phone as a modem. I guess you could build a Faraday cage around the office building...

You need a policy informing workers that it is against the rules to use a modem. You also need VLANs to separate out users from servers, perhaps departments from others too, so if someone still uses a modem at least the breach is containable. I don't understand how your ping would detect anything.

Former Member
September 12th, 2003, 13:27
If you have a very secure node, no modems or unwanted hardware, kernel config is minimal etc. (though this won't be the case in a corporation with many computers), would you be comfortable letting an employee loose on the network? Do you have internal firewalls? Appropriate cables and piping for the cable? A rotating password scheme using pagers for vital systems? Adequate encryption? If you have Wi-Fi, have you checked broadcast distance (think that's what you call it)?
There's also the issue of worms, viruses, trojans, emails, that have made it through to network cores many times in the past. Do you have adequate systems to deal with the extra strain? A black-hole system as was suggested in a previous thread?

Ping to check if there is a node found at the address. Mm, I have to read up more on networks, especially VLANs and the like. Nice suggestions :)
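
The ping-and-compare idea from the first post, written out as an added example (not part of the thread): it reads a constructed sweep log, compares responders with a constructed list of known 'friendly' addresses, and goes one step further by reporting known hosts that stop or resume answering between sweeps. The log format, addresses and function names are assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed allowlist of known 'friendly' addresses (sample values).
KNOWN_FRIENDLY = {"192.168.1.10", "192.168.1.11", "192.168.1.12"}
# Constructed sweep log, one line per probe: "<time> <ip> <up|down>".
SWEEP_LOG = """\
12:00 192.168.1.10 up
12:00 192.168.1.11 up
12:00 192.168.1.12 up
12:30 192.168.1.10 up
12:30 192.168.1.11 down
12:30 192.168.1.12 up
12:30 192.168.1.57 up
13:00 192.168.1.10 up
13:00 192.168.1.11 up
13:00 192.168.1.12 up
13:00 bogus-line
"""

def parse_sweeps(log):
    """Return [(time, set_of_responding_ips)] in log order; skip malformed lines."""
    sweeps = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("up", "down"):
            continue
        try:
            ip = str(ip_address(parts[1]))
        except ValueError:
            continue
        up = sweeps.setdefault(parts[0], set())
        if parts[2] == "up":
            up.add(ip)
    return list(sweeps.items())

def audit(sweeps, known):
    """Flag responders missing from the allowlist and known hosts that stop or resume answering."""
    findings, previous = [], None
    for when, up in sweeps:
        findings += [(when, "unknown", ip) for ip in sorted(up - known)]
        if previous is not None:
            findings += [(when, "vanished", ip) for ip in sorted((previous - up) & known)]
            findings += [(when, "returned", ip) for ip in sorted((up - previous) & known)]
        previous = up
    return findings

if __name__ == "__main__":
    for finding in audit(parse_sweeps(SWEEP_LOG), KNOWN_FRIENDLY):
        print(*finding)
```

A machine that stays plugged into the LAN while it dials out still answers the ping, so this comparison only surfaces unknown responders and known hosts that drop off the network.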