Problem solve Get help with specific problems with your technologies, process and projects.

What security measures are recommended for each level of the TCP/IP model?

Find out where to put security measures and what options are available in the TCP/IP model in this expert response from Michael Gregg.

What would you recommend for security at each level of the TCP/IP model?
Well I don't know that I would recommend security at each level of TCP/IP but I would say that security can be layered in at more than one.

One of the key concepts of security is defense in depth, and as such we should be trying to layer security. At the lower levels you may implement WEP, WPA, 802.1x or even EAP. Higher up at the IP layer we have IPSec. While it's just an add-on to IPv4 it is built in to IPv6. Tunnel and transport mode are two potential options.

Moving up to higher layers there are protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS.) At the top, or application layer, there are choices here such as PGP instead of clear text mail, SSH/SFTP as a replacement for FTP or even protocols such as DNS Secure.

This was last published in July 2008

Dig Deeper on Network Security Best Practices and Products