Using IPSec Correctly
IPSec can be used whenever you need to secure data, which you’ll pretty much always want to do. The natural inclination of a security-minded administrator is to simply sign and encrypt all traffic on the network, which isn’t a bad inclination. With security, erring on the side of caution is desirable. However, IPSec cannot be deployed this way within most organizations.
I’ve examined the way IPSec works and shown that there is a significant amount of work that the system must do to secure network traffic. If some of that traffic is already secured through another mechanism, such as SSL, what good will IPSec do? Securing data twice sounds fantastic but is simply repetitive and usually offers no more protection than doing it once. Also, some network traffic is inconsequential to security. For example, if an intruder learns that your corporate standard homepage is http://www.msn.com, they gain no advantage. So using IPSec becomes a balance between security, necessity, and the availability of system resources to implement it.
The best strategy is to ensure that any sensitive network traffic is encrypted and that any traffic that isn’t sensitive, but may be altered en route, is signed. You must also consider the impact on the performance of all computers that will use IPSec. For example, any system that will use IPSec more than occasionally, such as a central server that stores sensitive data, should be sized to provide the extra resources necessary—more memory, faster ...