A firewall protects an Ethernet network from a first larger network, e.g., the Internet. A first server on the Ethernet network stores an encrypted private key, decrypts the private key using a passphrase, and communicates with clients on the first network using the private key. A second server on the Ethernet network determines whether an intrusion has occurred from the first network into the first server and provides the passphrase to the first server only when no intrusion has occurred from the first network into the first server. The invention can be realized in apparatuses, methods, and/or instruction sets.