My organization is interested in encrypting the network traffic on our LAN. I'm looking for a little discussion about what, if anything, you all might be doing, why, and how. Our goal in this part of the project is to prevent a hacker from (easily) getting anything useful, assuming that someone has hacked into our network and set up camp to lie low and sniff out our traffic for a while. The goal is not perfection (is that even possible in security?), but a layer of difficulty that could well be a deterrent. So far we are configuring LDAPS where possible/needed, have set our internal web applications to use HTTPS, and are looking into encrypting any communication with our database servers (reporting, applications, and development).
Does anyone see anything that we are missing, may want to look into, or know of anything we should avoid doing? Any and all insight is welcome and appreciated.