Traditionally, network security has been placed at the enterprise perimeter. Enterprise security deployments are increasingly implemented with multiple layers of defense to protect mission critical data systems. While perimeter-based network security is still in force, the additional enablement of network security function at the server provides a critical layer of protection in the security infrastructure. This session will describe how z/OS Communication Server 'self-protects' z/oS from a network security perspective. Topics covered are drivers of network security function deployment into the server endpoint, as well as the policy-based network security solutions that are available on z/OS. The solution focus areas for this session include IPSec, Application Transparent TLS, integrated intrusion detection services, and IP packet filtering.