What security measures are recommended for each level of the TCP/IP model?

Find out where to put security measures and what options are available in the TCP/IP model in this expert response from Michael Gregg.

Michael Gregg, Superior Solutions, Inc.

What would you recommend for security at each level of the TCP/IP model?

Well I don't know that I would recommend security at each level of TCP/IP but I would say that security can be layered in at more than one.

One of the key concepts of security is defense in depth, and as such we should be trying to layer security. At the lower levels you may implement WEP, WPA, 802.1x or even EAP. Higher up at the IP layer we have IPSec. While it's just an add-on to IPv4 it is built in to IPv6. Tunnel and transport mode are two potential options.

Moving up to higher layers there are protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS.) At the top, or application layer, there are choices here such as PGP instead of clear text mail, SSH/SFTP as a replacement for FTP or even protocols such as DNS Secure.

This was last published in July 2008

What security measures are recommended for each level of the TCP/IP model?

Find out where to put security measures and what options are available in the TCP/IP model in this expert response from Michael Gregg.

Dig Deeper on Network Security Best Practices and Products

Internet Protocol (IP)

Network layer

ICMP (Internet Control Message Protocol)

OSI model (Open Systems Interconnection)

Related Q&A from Michael Gregg

Expert tips to solve port 3389 issues when end users gets blocked

Disadvantages to a layered approach

How do I change my security setting to allow ActiveX?