Most I've seen are not bulletproof. The major problem is something like NAT.
The best solution appears to be one that requires the host device to authenicate an encrypted port connection which is only limited to one. Very recent stuff, and rather involved and expensive.
There are other "solutions" which can block some forms of illegal connection access when NAT isn't used, much of which depends either your existing device infrastructure capabilites and/or new additional devices.