I was doing lots of testing using IPSEC over the weekend (yea, don’t have a life). I must say, in Windows client and server environment, it’s really simple to implement it. Unlike popular application, IPSEC can be centrally deployed and managed in Windows through Group Policies.
IPSEC will ensure that wiretapping is literally impossible, data remains intact and assured of it’s source and destination. It’s like having VPN connections with every device in your network that supports IPSEC.
Note there’s overheads. Like any encryption technologies, it will require processing power and lots more overhead in transport. But seriously, thesedays with Gigagbit networks and very powerful computing ends (server/client), it’s really not much of an issue. Unless you have a 10bt network and really old computers, you should consider implementing IPSEC across your entire organization.
Since IPSEC works below the TCPIP layer, it can support most of your applications natively, unless they are broadcast or multicast enabled (see more unsupported configuration in this KB http://support.microsoft.com/kb/253169/)
Also, please do test in a non-production environment, setup monitoring tools and enabled logging extensively during your testing to ensure IPSec is correctly working and is compatible to your applications.