Whether one needs any security mechanisms at all, and which ones are appropriate, depends on one's perception of the sensitivity of one's data, how long it stays sensitive, the likelihood that a malefactor wants it and one's expectations of that malefactor's competence. If one believes the data to be valuable, sensitive and long enough lived to warrant protection via encryption, then one must decide whether such mechanisms as IPSec (network layer), SSL (session layer) or PGP (application layer) are adequate, and in what combination they may be necessary, to ensure the confidentiality, integrity and/or authenticity of the data.

If one is concerned that network traffic will be intercepted and one considers that traffic sensitive, then IPSec is probably necessary. It ensures that intercepted traffic is protected from eavesdropping and, with integrity protection enabled, from undetected modification (IETF, 2010). However, beyond the demarcation points of the tunnel the data is not protected. This may mean exposure while it travels across a LAN on the inside of an encrypting firewall, or exposure farther up the stack on a workstation if that is where the IPSec terminates. In the former case a well-monitored switching infrastructure with MAC restrictions can help, but there will always be some risk from internal personnel if unencrypted packets traverse any accessible media; encrypting at a higher layer offers some protection from this exposure. Even in the latter case, where the unencrypted traffic is isolated within a single machine, there are still avenues of exposure: from residual data in RAM and slack space on disk to browser cache files, any information a user views may be recoverable on their machine (Carrier, 2005). Encrypting at the session, presentation or application layer moves the plaintext boundary to the application itself, but whatever the application writes to cache or swap is still stored in the clear unless the storage is itself encrypted.
IPSec protects network traffic from eavesdropping between the points where it is applied. It does little to protect data in use on a node and nothing against eavesdropping on unprotected infrastructure inside the demarcation point. There are numerous technologies that do, and depending on the perceived value of the information a layered approach, with encryption applied at more than one layer, is likely to be most appropriate.
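The coverage argument above can be checked mechanically. The following is an added example, not part of the original post: it models a path from a workstation to a server as an ordered list of hops, treats each encryption layer as the span between the two nodes where it is applied and removed, and reports which links still carry plaintext and which hosts still handle it. The topology, node names and layer names are constructed assumptions for illustration.

```python
"""Which links and hosts still carry plaintext under a given set of
encryption layers.  Added example; the topology and names below are
constructed assumptions, not something the text above specifies."""
from dataclasses import dataclass

# Ordered hop-by-hop path from a workstation to a server.  Link k joins
# PATH[k] and PATH[k + 1].  The tunnel endpoints are the two firewalls.
PATH = [
    "workstation",          # where the user reads the data
    "inside_switch",        # LAN on the inside of the encrypting firewall
    "encrypting_firewall",  # IPSec tunnel demarcation point A
    "internet",
    "remote_firewall",      # IPSec tunnel demarcation point B
    "remote_switch",        # LAN behind the remote firewall
    "server",
]


@dataclass(frozen=True)
class Layer:
    """One encryption layer, identified by the nodes where it is applied
    and removed (e.g. an IPSec tunnel between two gateways, or a TLS
    session between the endpoints themselves)."""
    name: str
    src: str
    dst: str


def exposure(path, layers):
    """Return (exposed_links, cleartext_nodes).

    A link is exposed when no layer spans it.  A node handles cleartext
    unless it lies strictly inside some layer's span: the endpoints of a
    layer always see the plaintext (before encrypting / after decrypting),
    which is the 'data in use' exposure the text describes.
    """
    covered_links = set()
    shielded_nodes = set()
    for layer in layers:
        i, j = sorted((path.index(layer.src), path.index(layer.dst)))
        covered_links.update(range(i, j))          # links i .. j-1
        shielded_nodes.update(path[i + 1:j])        # nodes strictly inside
    exposed_links = [(path[k], path[k + 1])
                     for k in range(len(path) - 1) if k not in covered_links]
    cleartext_nodes = [n for n in path if n not in shielded_nodes]
    return exposed_links, cleartext_nodes


IPSEC_GATEWAY_TUNNEL = Layer("IPSec tunnel, gateway to gateway",
                             "encrypting_firewall", "remote_firewall")
TLS_END_TO_END = Layer("TLS session, workstation to server",
                       "workstation", "server")


def ipsec_only():
    """Only the gateway-to-gateway tunnel: both inside LANs are exposed."""
    return exposure(PATH, [IPSEC_GATEWAY_TUNNEL])


def layered():
    """Tunnel plus end-to-end TLS: every link is covered; plaintext
    survives only on the two hosts that terminate the session."""
    return exposure(PATH, [IPSEC_GATEWAY_TUNNEL, TLS_END_TO_END])


def report(title, result):
    links, nodes = result
    print(f"== {title}")
    print("  exposed links :", [f"{a}<->{b}" for a, b in links] or "none")
    print("  cleartext on  :", nodes)


if __name__ == "__main__":
    report("IPSec tunnel only", ipsec_only())
    report("IPSec tunnel + TLS end to end", layered())
```

With the tunnel alone, the two LAN segments on either side of the firewalls and every host except the Internet hops handle plaintext; adding an end-to-end session layer covers every link, yet the workstation and the server still hold the data in the clear, which is exactly the residue (RAM, slack space, cache) that no transport mechanism addresses.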


Carrier, B. (2005) The Sleuth Kit Informer [Online]. Available from: http://www.sleuthkit.org/informer/sleuthkit-informer-21.txt (Accessed: 21 November, 2010)


IETF (2010) IP Security Protocol (ipsec) [Online]. Available from: http://datatracker.ietf.org/wg/ipsec/charter/ (Accessed: 21 November, 2010)