dbWatch Control Center deploys several methods of network control.
1. Node authentication (clients and servers) using certificate infrastructure built up around the Domain CA system
2. The built-in firewall to restrict incoming connections on an IP level and encrypted package routing on a certificate domain level.
3. The actual listening on ports and connection direction can be adjusted.
Certificate infrastructure is discussed in detail here.
Control Center firewall is discussed in detail here.
Listening and connection direction is discussed in detail here.