There are three basic things that encryption can do to defend network communications.
(1) An encrypted link can be constructed so that a third party cannot see its contents while data is in transit.
(2) An encrypted link can be constructed so that the data cannot be modified while it is in transit without those modifications being detected.
(3) An encrypted link can be constructed so that you can be assured who it is coming from.
Now, there are limitations on all of these, of course. For example, if I am running an evil router and don't let you connect to someone you want to talk to, your partner might not detect that until you use some other mechanism, like a phone call to talk to them. If you don't keep the keys used for identifying a link private, then someone can impersonate the keyholder. But none of these should be a surprise to you.
This description is, of course, a gloss. There are many gory details in how all of these things are accomplished and many right ways and wrong ways to do that. But, this covers the high-level basics.
For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Encryption
Tech Tip: A primer on encryption
David Strom's Security Tool Shed: File encryption made easy
This was first published in February 2002