Security in Computer Networks

8.8 Security in Many Layers: Case Studies


It is possible to provide security services in any of the top four layers of the Internet protocol stack. When security is provided for a specific application-layer protocol, the application using the protocol will enjoy one or more security services, such as confidentiality, authentication, or integrity. When security is provided for a transport-layer protocol, all applications that use that protocol enjoy the security services of the transport protocol. When security is provided at the network layer on a host-to-host basis, all transport-layer segments enjoy the security services of the network layer. When security is provided on a link basis, the data in all frames traveling over the link receive the security services of the link.
 
Although security at the network layer can offer "blanket coverage" by encrypting all the data in the datagrams and by authenticating all the source IP addresses, it can't provide user-level security.
 
It is generally easier to deploy new Internet services, including security services, at the higher layers of the protocol stack. While waiting for security to be broadly deployed at the network layer, which is probably still in the future, many application developers "just do it" and introduce security functionality into their favorite applications.

8.8.1 Secure E-mail

8.8.2 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

8.8.3 Network-Layer Security: IPsec

8.8.4 Security in IEEE 802.11