A method and apparatus for providing secure communication on open networks. Each port of the network is provided with a security entity which monitors the communication between one port to the other. End stations connected to the ports communicate with other end stations by transmitting data to the port and receiving data from the port. The data is sent out in data packets with a destination address and a source address. Each port has its own unique address. The security entity checks data packets coming into the port for a destination address. The destination address of incoming data packets is compared with the port address of the affiliated port. Also, outgoing data packets from an end station to a port are also monitored by the security entity. The security entity compares the destination and source address of the data packet with the affiliated port address. The security entity cyphers and decyphers a data portion of the data packet depending on whether or not the source address, destination address and port address match. In this way, end stations not destined to read the data portions are thus prevented from doing so. Also end stations which are not authorized to transmit onto the network are prevented from having any users on the network understand their data.