In a device having data communication capability, a security method
dynamically detecting a control connection, which originates from the
device, and detecting a negotiation of a related connection within the
control connection. The negotiation comprises at least defining a port of
the device for said related connection. The method further checks if
relationship between said port of the device and the control connection
fulfills predefined criteria, and conditionally blocks said related
connection, if said port of the device does not fulfill said predefined
criteria. The method can be used for suppressing a vulnerability related
to applets.