Several methods are known today for establishing a remote connection between hosts over an IP network. One example is a remote desktop connection, in which a user establishes a remote session to the server over a TCP (client-server) connection as the transport layer. The known remote connection solutions are usually based on a full-state direct TCP connection from the client, connecting from the secured network, to the server in the unsecured environment.
When data is exchanged between a secured computer network and a less secured computer network, attackers may attempt to infiltrate records, eavesdrop and spy on network communications within the less secured network, perform “man in the middle” attacks, or try to exploit vulnerabilities on the secured network side in order to infect it with malware. Machine-to-machine communication usually relies on a protocol stack as described in the seven-layer OSI model. Different implementations of this model and these protocols have traditionally, over and over again, been exposed to vulnerabilities and attacks at all levels of the OSI layers (e.g., Ethernet, IP, TCP, HTTP, and Application Layer). Over the years, different products have been developed to protect against these attacks. The common security paradigm is to segment the network into different perimeters and place security controls on the borders of these perimeters, securing the traffic going in and out between the secured perimeter and the outside world. Traditionally, firewalls are placed to protect the network layers of the communication model, while application firewalls, Intrusion Prevention Systems (IPS), proxies and Secure Application Gateways protect the upper application layers. These solutions operate by inspecting the traffic going through them and, when something malicious is detected, breaking and terminating the connection, thus preventing the attack. This approach was effective for protecting against known attacks that are sent in clear form. However, as attackers have become more sophisticated and use unknown 0-day attacks, or use encryption and obfuscation methods to hide their malicious intent, many of these attacks pass undetected by the traditional gateway defenses.
As there was no trivial solution to this problem, many corporations and highly classified organizations prefer to work offline, e.g., with no Internet connectivity at all and/or no connectivity to less secured networks. Other options for an organization with classified data are the creation of a dedicated separate network, the creation of a dedicated terminal server farm with high costs (networking, desktops, IT personnel, etc.), or white-list website access (not practical, still subject to most attacks).