Whether one needs any security mechanisms at all and what sort are appropriate depend on one's perception of the sensitivity of one's data, its volatility, the likelihood that a malefactor wants it and one's expectations of that malefactor's competence. If one believes the data to be valuable, sensitive and long enough lived to warrant protection via encryption then one must decide whether such mechanisms as IPSec, SSL or PGP are adequate and in what combination they may be necessary to ensure the confidentiality, integrity and/or authenticity of data and information.
If one is concerned that network traffic will be intercepted and one considers that traffic sensitive then IPSec is probably necessary. This mechanism will assure that intercepted traffic is nontrivially protected from eavesdropping (IETF, 2010). However, beyond the demarcation points of the tunnel the data will not be secure. This may mean exposure while it travels across a LAN on the inside of an encrypting firewall, or perhaps just farther up the stack on a workstation if that's where the IPSec terminates. In the case of the former exposure, a well monitored switching infrastructure with MAC restrictions can help ameliorate it, but there will always be some risk from internal personnel if unencrypted packets traverse any accessible media. Encrypting at a higher level will offer some security from this exposure. Even in the latter case, where the unencrypted traffic is isolated within a single machine, there are still avenues of exposure. From slack space in RAM and on disk to browser cache files, any information a user views may be recoverable on their machine (Carrier, 2005). Encrypting at the session, presentation or application layer can somewhat protect from
IPSec protects network traffic from eavesdropping. It does little to protect data in use on a node, and it does not protect at all against eavesdropping on unprotected infrastructure inside the demarcation point. There are numerous technologies that do, and depending on the perceived value of the information it is likely that a layered security approach will be most appropriate.
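The two points above (a gateway-to-gateway tunnel leaves the payload readable on the LANs on either side of it, and nothing on the wire protects data once it is in use on the receiving node) can be made concrete with a small model. The following is an added example, not code from the original post: it uses a constructed encrypt-then-MAC helper built from HMAC-SHA256 as a stand-in for both the IPSec tunnel and an application-layer cipher, and a constructed path (sender's LAN, Internet, receiver's LAN, receiver's process memory) with the tunnel terminating at gateways on each end. The segment names and message are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# --- Constructed authenticated-encryption helper (stand-in for IPSec ESP or
# an application-layer cipher). Keystream blocks are HMAC-SHA256(key, nonce||ctr)
# XORed with the data; integrity comes from an encrypt-then-MAC tag.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    # Derive separate encryption and MAC keys from one shared secret.
    return (hashlib.sha256(b"enc|" + key).digest(),
            hashlib.sha256(b"mac|" + key).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in
                       zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything tampered with."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in
                 zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


# --- Constructed path model. The IPSec tunnel runs gateway A <-> gateway B,
# so "lan_a" and "lan_b" lie inside the demarcation points on each side.
SEGMENTS = ["lan_a", "internet", "lan_b", "host_b_memory"]


def trace_message(message: bytes, tunnel_key: bytes, app_key=None) -> dict:
    """Return what an observer on each segment would see for this message."""
    # Sender: optionally encrypt at the application layer before transmission.
    payload = seal(app_key, message) if app_key else message
    seen = {"lan_a": payload}                   # inside demarc, before gateway A
    tunneled = seal(tunnel_key, payload)        # gateway A: tunnel begins
    seen["internet"] = tunneled
    payload = unseal(tunnel_key, tunneled)      # gateway B: tunnel ends
    seen["lan_b"] = payload                     # inside demarc, after gateway B
    in_use = unseal(app_key, payload) if app_key else payload
    seen["host_b_memory"] = in_use              # data in use on the receiving node
    return seen


def exposed_segments(message: bytes, tunnel_key: bytes, app_key=None) -> list:
    """Segments on which the original plaintext is directly observable."""
    seen = trace_message(message, tunnel_key, app_key)
    return [s for s in SEGMENTS if seen[s] == message]


if __name__ == "__main__":
    msg = b"constructed sample: quarterly payroll export"
    tunnel_key, app_key = os.urandom(32), os.urandom(32)
    print("IPSec only:        ", exposed_segments(msg, tunnel_key))
    print("IPSec + app layer: ", exposed_segments(msg, tunnel_key, app_key))
```

With the tunnel alone the plaintext is visible on both LANs and in the receiving process; adding application-layer encryption narrows the exposure to the receiving host's memory, which is exactly the residual risk (slack space, cache files) that no wire-level mechanism addresses.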
Carrier, B. (2005) The Sleuth Kit Informer [Online]. Available from: http://www.sleuthkit.org/informer/sleuthkit-informer-21.txt (Accessed: 21 November, 2010)
IETF (2010) IP Security Protocol (ipsec) [Online]. Available from: http://datatracker.ietf.org/wg/ipsec/charter/ (Accessed: 21 November, 2010)