One morning, years ago, I was sitting in my office enjoying my morning cup of coffee while I perused the log files when I noticed something interesting. There was a GRE (Generic Routing Encapsulation) tunnel leaving the network and connecting to a home based ISP cable modem. My first thought was that someone was being a cheeky sort so, rather than panic, I examined the point of origin.
This connection was coming from the next office to my own. One of my team had puzzled out to get out of the network and I opted to do nothing. I decided to let it ride. I wanted to see, primarily, if anyone monitoring the network noticed the traffic. A day passed, then another. On the third day my staff alerted me to what he had been up to with this connection. He was caught off guard initially that I had even noticed. What troubled me was not that he had taken the initiative to poke a hole in the firewall but, rather, that no one caught on. We let this connection stand for several weeks before finally having some terse conversations with the monitoring team.