The network layer is the lowest layer in the protocol stack where end to end security over multiple hops can be applied. Network layer security protocols provide blanket protection for upper-layer application data without requiring modification to the application. IPSec is implemented at the network layer and provides authentication, integrity, and data privacy between any two IP entities. IPSec can protect a segment of the data path (e.g., between two routers), or it can secure the data path end to end. Because IPSec is applied at the IP layer, it is a connectionless security protocol and is applied on a per packet basis.
Secure Sockets Layer (SSL) is another popular security protocol implemented above the transport layer at the application interface layer. TCP applications can be modified to use SSL. Many existing socket applications might be able to use Application Transparent Transport Layer Security (AT-TLS) services provided within the TCP/IP TCP layer. For details, see Application Transparent Transport Layer Security data protection.
SSL requires a reliable transport layer and is therefore not used for UDP applications. SSL provides authentication, integrity, and data privacy. SSL, originally used to secure traffic between a web browser and web server, can also secure other applications. SSL is a connection-oriented security protocol and protects all data on a connection or session.
The Communications Server has an SSL-enabled TN3270E Telnet server, which provides secure access to existing SNA applications being accessed over an IP network. Serving as a protocol gateway between the IP network and the SNA network, the SSL-enabled TN3270E Telnet server protects the data path in the IP network from the Telnet client all the way to the z/OS® TN3270E Telnet server. If the TN3270E Telnet server is on a different host from the target SNA application, SNA Session Level Encryption can be used to secure the SNA portion of the data path. SNA application data can be protected without modification to the SNA applications.