What security measures are recommended for each level of the TCP/IP model?
Find out where to put security measures and what options are available in the TCP/IP model in this expert response from Michael Gregg.
One of the key concepts of security is defense in depth, and as such we should be trying to layer security. At the lower levels you may implement WEP, WPA, 802.1x or even EAP. Higher up at the IP layer we have IPSec. While it's just an add-on to IPv4 it is built in to IPv6. Tunnel and transport mode are two potential options.
Moving up to higher layers there are protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS.) At the top, or application layer, there are choices here such as PGP instead of clear text mail, SSH/SFTP as a replacement for FTP or even protocols such as DNS Secure.