Page 197 - CISSO_Prep_ Guide
the network are IDS (intrusion detection systems) and IPS
(intrusion prevention systems) that monitor, record, and may
block suspicious activity. The application firewall in the DMZ sits
behind a packet-filtering router, which discards most of the bad
traffic before it ever reaches the application firewall.
Inside the network there is further segmentation between the
various departments and systems, restricting traffic from reaching
areas it has no need to access.
Each device connected to the network is also secured with
antivirus, a host firewall, and a host-based IPS.
The above is an example of a layered network defense.
Encryption of Network Traffic
There are several ways to encrypt network traffic, depending on
the layer of the OSI stack at which the encryption is done. In
many cases, data is encrypted more than once. For example, an
encrypted email sent over a wireless connection is encrypted at
the application layer (the email message itself, e.g. with S/MIME
or PGP) and again at the data link layer (WPA2 between the laptop
and the access point).
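The following is an added example, not code from the guide: it simulates a message crossing three links (laptop to access point, access point to edge router, edge router to mail server), each protected by its own link key, and records what every intermediate node holds in the clear. Run once with link-layer encryption alone and once with application-layer encryption stacked on top, it shows both the multi-layer encryption described above and the hop-by-hop decryption that the data link layer subsection goes on to describe. The cipher is a toy keyed-XOR stream (HMAC-SHA256 keystream) chosen so the example runs with the Python standard library only; it stands in for AES-CCMP (WPA2) and for S/MIME or PGP, and the device names, keys and message are constructed.

```python
import hashlib
import hmac


def toy_xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher for illustration only (assumption: NOT a real cipher).
    Keystream blocks are HMAC-SHA256(key, nonce || counter); XOR makes the
    same function encrypt and decrypt. Real links use AES-CCMP, real email S/MIME."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        keystream.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


# Constructed topology: each adjacent pair of devices shares its own link key,
# just as a laptop and its access point share a WPA2 pairwise key.
PATH = ["laptop", "access-point", "edge-router", "mail-server"]
LINK_KEYS = {
    ("laptop", "access-point"): b"wpa2-pairwise-key-hop1",
    ("access-point", "edge-router"): b"wired-link-key-hop2",
    ("edge-router", "mail-server"): b"wan-link-key-hop3",
}

MESSAGE = b"Quarterly numbers attached, do not forward."   # constructed email body
APP_KEY = b"end-to-end-key-known-only-to-sender-and-recipient"  # constructed


def send_over_path(payload: bytes, path=PATH, link_keys=LINK_KEYS):
    """Forward payload hop by hop using link-layer encryption only.

    Each receiving node must decrypt its inbound link before it can
    re-encrypt for the next link, so whatever it forwards exists in the
    clear on that node. Returns (payload delivered at the final node,
    list of (intermediate node, bytes that node held in the clear))."""
    observed = []
    frame_payload = payload
    for i in range(len(path) - 1):
        key = link_keys[(path[i], path[i + 1])]
        nonce = f"hop{i}".encode()
        on_the_wire = toy_xor_cipher(key, nonce, frame_payload)  # what a sniffer on this link sees
        frame_payload = toy_xor_cipher(key, nonce, on_the_wire)  # receiver decrypts its link
        if i + 1 < len(path) - 1:  # intermediate node, not the final destination
            observed.append((path[i + 1], frame_payload))
    return frame_payload, observed


def link_layer_only():
    """Scenario 1: only link encryption. Every intermediate node sees the message."""
    return send_over_path(MESSAGE)


def application_plus_link():
    """Scenario 2: application-layer encryption first, then link encryption per hop.
    Intermediate nodes only ever hold the application-layer ciphertext."""
    app_ciphertext = toy_xor_cipher(APP_KEY, b"email-nonce", MESSAGE)
    delivered_ciphertext, observed = send_over_path(app_ciphertext)
    delivered = toy_xor_cipher(APP_KEY, b"email-nonce", delivered_ciphertext)
    return delivered, observed


if __name__ == "__main__":
    for name, scenario in (("link-layer only", link_layer_only),
                           ("application + link", application_plus_link)):
        delivered, observed = scenario()
        print(f"{name}: delivered intact = {delivered == MESSAGE}")
        for node, held in observed:
            print(f"  {node} holds in the clear: {held[:24]!r}...")
```

The check a practitioner wants is the second tuple element: with link encryption alone, both the access point and the edge router hold the exact message bytes, so anyone who controls either device (or a misconfigured one) reads the mail even though every wire segment was encrypted. With the application layer encrypted as well, those nodes hold only ciphertext they cannot open, and the link layer still hides traffic from anyone sniffing the radio or the cable.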
Data link layer encryption
The lowest layer at which encryption is commonly applied is the
data link layer. This encrypts data only between two adjacent
devices. An example is WPA2, which encrypts data between a
laptop and the wireless access point: a link-layer encryption. The
limitation of link-layer encryption is that the data must be
decrypted at each end of the link, so it is in the clear on every
intermediate device, and if the data is going to be transmitted
across another link it must be re-encrypted for that link. An
example of this problem is when an organization is using handheld wireless