Link level security

Link level security refers to those security services that are invoked, directly or indirectly, by a message channel agent (MCA), the communications subsystem, or a combination of the two working together.

Link level security is illustrated in Figure 1. Here are some examples of link level security services:

  • The MCA at each end of a message channel can authenticate its partner. This is done when the channel starts and a communications connection has been established, but before any messages start to flow. If authentication fails at either end, the channel is closed and no messages are transferred. This is an example of an identification and authentication service.
  • A message can be encrypted at the sending end of a channel and decrypted at the receiving end. This is an example of a confidentiality service.
  • A message can be checked at the receiving end of a channel to determine whether its contents have been deliberately modified while it was being transmitted over the network. This is an example of a data integrity service.


Link level security provided by IBM MQ

In IBM MQ, confidentiality and data integrity are provided primarily by TLS. See TLS security protocols in IBM MQ. For authentication, IBM MQ provides channel authentication records. Channel authentication records offer precise control over the access granted to connecting systems, at the level of individual channels or groups of channels. For more information, see Channel authentication records.
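As an added illustration of the two mechanisms named above (this fragment is not taken from the IBM MQ documentation), the following MQSC commands require TLS on one channel and then use channel authentication records at both levels: a generic record covering a group of channels and a specific record for an individual channel. The channel name, certificate distinguished name, address range and user ID are constructed placeholders.

```mqsc
* Constructed example: APP1.SVRCONN, the DN, the address range and
* app1user are placeholders, not values from the original page.

* Confidentiality and data integrity: the channel only starts over TLS,
* and the connecting partner must present a certificate.
DEFINE CHANNEL('APP1.SVRCONN') CHLTYPE(SVRCONN) +
       SSLCIPH(ANY_TLS12_OR_HIGHER) +
       SSLCAUTH(REQUIRED) +
       REPLACE

* Channel authentication records are only evaluated when enabled.
ALTER QMGR CHLAUTH(ENABLED)

* Group of channels: deny every address on every channel unless a
* more specific record matches.
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') +
    USERSRC(NOACCESS) +
    DESCR('Back-stop: no access by default') +
    ACTION(REPLACE)

* Individual channel: admit only the partner whose certificate DN and
* source address match, and run the connection as a low-privilege user.
SET CHLAUTH('APP1.SVRCONN') TYPE(SSLPEERMAP) +
    SSLPEER('CN=app1.example.com,O=Example') +
    ADDRESS('192.0.2.*') +
    USERSRC(MAP) MCAUSER('app1user') +
    DESCR('APP1 client, identified by certificate') +
    ACTION(REPLACE)

* Check which record an inbound connection would match before going live.
DISPLAY CHLAUTH('APP1.SVRCONN') MATCH(RUNCHECK) +
        SSLPEER('CN=app1.example.com,O=Example') +
        ADDRESS('192.0.2.10') CLNTUSER('anyuser')
```

Because the most specific channel profile takes precedence, the `APP1.SVRCONN` record overrides the back-stop for matching partners, while every other connection falls through to `USERSRC(NOACCESS)`.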

  • Providing your own link level security
    You can provide your own link level security services. The main way to do this is to write your own channel exit programs.
