A system and a method are for securing a protected host. A secure channel server receives a plurality of first packets transmitted over a first network, and analyzes the plurality of first packets to obtain an analysis information. The plurality of first packets include a plurality of encrypted second packets encrypted by a terminal data processing apparatus with a certificate issued by the secure channel server. The plurality of encrypted second packets relate to an application process executed by the terminal data processing apparatus and judged as a secure process. The plurality of first packets are selectively decrypted with the certificate according to the analysis information into a plurality of decrypted first packets. The secure channel server redirects, according to a selected redirection rule, the decrypted first packets or the first packets selectively via a second network to the protected host.