So far, I’ve examined a number of security mechanisms, including how to store data securely and how to prove your identity to local and network computers. Many nefarious individuals are foiled by strong authentication and secure data storage, but plenty of attackers won’t be deterred by them. With IPSec, you can implement an additional security measure on your network that will make it difficult for even the most determined attackers.

An attacker outside your network often attempts to gain access to your network resources by guessing passwords, probing servers for open TCP/IP ports, and so on. Another more subtle method is to capture and analyze data sent to and from the network. Many network services and applications transfer information such as usernames and passwords over the network in clear text, and attackers can use this information to gain access to your network.

For example, if your company uses Windows domains, all your network users are given usernames and generally make up passwords for themselves. They also probably belong to web sites like Yahoo!, where they maintain private accounts. Many users will set their Yahoo! (or other web service) passwords to the same as their company network passwords. After all, one password is easier to remember than a dozen. The problem is that Yahoo!—and many other network services—don’t encrypt passwords as a part of their logon process by default. The result is packets of data transmitted from your company network ...