Network encryption (sometimes called network layer, or network level encryption) is a network security process that applies crypto services at the network transfer layer - above the data link level, but below the application level. The network transfer layers are layers 3 and 4 of the Open Systems Interconnection (OSI) reference model, the layers responsible for connectivity and routing between two end points. Using the existing network services and application software, network encryption is invisible to the end user and operates independently of any other encryption processes used. Data is encrypted only while in transit, existing as plaintext on the originating and receiving hosts.
Network encryption is implemented through Internet Protocol Security (IPSec), a set of open Internet Engineering Task Force (IETF)standards that, used in conjunction, create a framework for private communication over IP networks. IPSec works through the network architecture, which means that end users and applications don't need to be altered in any way. Encrypted packets appear to be identical to unencrypted packets and are easily routed through any IP network.
Network encryption products and services are offered by a number of companies, including Cisco, Motorola, and Oracle.