< ciso brief />

All news with #network security tag

133 articles · page 4 of 7

Microsoft sets 2034 deadline to retire WINS support

⚠️ Microsoft has announced that WINS will be unsupported after the lifecycle of Windows Server 2025 on the LTSC channel, creating an effective sunset in 2034. The deprecated NetBIOS-era name service, long superseded by DNS, remains in place in many environments, especially industrial and OT systems. Administrators are urged to inventory dependencies, plan migrations to DNS, or isolate legacy workloads to reduce security and operational risk.

Google and AWS Launch Managed Cross-Cloud Interconnect

🔗 Google Cloud and Amazon Web Services have jointly previewed the Cross‑Cloud Interconnect for AWS, a managed, on‑demand service that provisions private, secure connections between Google Cloud VPCs and AWS VPCs in minutes. The collaboration is published under an open specification to enable partner contributions and wider industry adoption. Preview bandwidth begins at 1 Gbps and will scale to 100 Gbps at GA, with MACsec encryption and managed key rotation as default security controls. The offering emphasizes simplicity, quad‑redundancy, and managed operations to reduce setup from days to minutes.

AWS and Google Cloud Launch Joint Multicloud Networking

🔗 AWS and Google Cloud announced a jointly engineered multicloud networking solution that integrates AWS Interconnect - multicloud with Google Cloud’s Cross-Cloud Interconnect. The collaboration introduces an open API specification to automate private, high-speed connectivity and shifts multicloud setup from physical circuits to a managed, cloud-native experience. Customers can provision dedicated bandwidth in minutes via console or API, while the service enforces quad redundancy and MACsec encryption for secure, highly available links. The APIs are published openly for other providers and partners to adopt.

Amazon Route 53 Global Resolver: Secure Anycast DNS Preview

🌐 Amazon announced the preview of Amazon Route 53 Global Resolver, an internet-reachable DNS resolver that offers secure, anycast-based resolution for authorized clients worldwide. It supports split DNS for public domains and Route 53 private hosted zones and integrates DNS Firewall rules to block threat categories, malicious content, and advanced DNS attacks while logging queries centrally. Global Resolver provides high availability via selection of two or more regions for anycast resolution with automatic failover, and AWS will rename the existing Route 53 Resolver to Route 53 VPC Resolver to clarify the difference.

AWS launches Interconnect - last mile preview with Lumen

🔌 AWS Interconnect - last mile is a fully managed connectivity service launched in a gated preview with Lumen, letting customers connect branch offices, data centers, and remote sites to AWS in a few clicks. Users enter a location, select bandwidth (1–100 Gbps), and pick an AWS Region while AWS automates BGP peering, VLAN configuration, and ASN assignment, supporting dynamic scaling and zero‑downtime maintenance. The service is architected for high availability, backed by SLAs, and enables MACsec encryption by default; it is available in the US through Lumen.

Tor adopts Counter Galois Onion (CGO) for relay encryption

🔐 Tor has replaced its legacy tor1 relay encryption with a new design called Counter Galois Onion (CGO) to strengthen circuit traffic confidentiality and integrity. CGO is built on a Rugged Pseudorandom Permutation (RPRP) construction named UIV+ and provides wide-block encryption, tag chaining, per-cell key updates for immediate forward secrecy, and a 16-byte authenticator that removes SHA-1. The change is currently experimental in the C Tor implementation and the Rust client Arti, will be deployed transparently to Tor Browser users, and aims to block tagging and other malleability attacks with only modest bandwidth cost.

CloudFront BYOIP for Anycast Static IPs via VPC IPAM

🌐 Amazon CloudFront now supports bringing your own IP addresses (BYOIP) for Anycast Static IPs through VPC IP Address Manager (IPAM). Network teams can register and manage public IPv4 address pools in IPAM and assign dedicated Anycast Static IP lists to CloudFront distributions, preserving existing allow-lists and avoiding changes to application address space. The capability simplifies IP address management across AWS's global edge network and improves partner reachability and security. It is available in all commercial AWS Regions except AWS GovCloud (US) and the China regions.

Amazon Route 53 DNS API Endpoint Adds IPv6 Dual-Stack

🌐 Amazon Route 53 now exposes a dual-stack API endpoint at route53.global.api.aws, allowing clients to connect over IPv6, IPv4, or dual-stack. The existing IPv4-only endpoint remains available for backward compatibility. IPv6 support is available in all Commercial Regions at no additional cost and can be enabled via the AWS CLI or Management Console. This reduces IPv4 translation complexity and helps organizations meet IPv6 compliance.

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.

AWS Cloud WAN Routing Policy for Traffic Control, Flexibility

🌐 AWS has announced the general availability of AWS Cloud WAN Routing Policy, delivering fine-grained controls to optimize route management and traffic behavior across global wide-area networks. The feature supports route filtering, summarization, and advanced BGP attribute configuration to limit unnecessary route propagation, prevent asymmetric or sub‑optimal paths, and contain reachability blast radius. It also exposes enhanced routing database visibility for faster troubleshooting in complex multi‑path hybrid environments. Routing Policy is available in all Regions where Cloud WAN is offered and can be enabled via the Management Console, CLI, or SDK at no additional charge.

AWS Site-to-Site VPN Partners with eero for Remote Sites

🔒 AWS Site-to-Site VPN is partnering with eero to simplify secure connectivity from remote sites to AWS. Using eero Wi‑Fi access points and gateway appliances, customers can automatically establish VPN tunnels to AWS in a few clicks. The integration is intended to accelerate scaling across hundreds of locations and reduce the need for onsite networking expertise. Available in the US geography.

AWS Site-to-Site VPN Adds BGP Logging for Tunnels Now

🔍 AWS Site-to-Site VPN now publishes Border Gateway Protocol (BGP) logs from VPN tunnels to Amazon CloudWatch, providing deeper visibility into routing and session behavior. Previously, customers only had access to IKE/IPSec tunnel activity logs; the new BGP logs show session status, transitions, routing updates, and detailed error states. With both tunnel and BGP logs in CloudWatch, teams can correlate events, speed troubleshooting, and identify configuration mismatches between AWS endpoints and customer gateways across commercial Regions and AWS GovCloud (US).

AWS Network Firewall — Managed Rule Groups from Marketplace

🔒 AWS Network Firewall now supports managed rule groups from AWS Marketplace partners, enabling customers to deploy partner-curated threat intelligence directly from the console. These managed rules are continuously updated by vendors and integrate with existing firewall architectures without routing changes. They reduce operational overhead across multiple VPCs and help maintain compliance and security posture. Customers should evaluate partner offerings against their requirements.

Check Point Launches Managed Rules for AWS Network Firewall

🔒 Check Point and AWS have introduced Check Point Managed Rules for AWS Network Firewall to simplify scaling network security across complex cloud environments. The service provides centrally managed, preconfigured rule sets that reduce the time and effort required to deploy and maintain firewalls across multiple VPCs and subnets. By automating updates and delivering threat-informed rules, the offering aims to lower operational overhead, accelerate response to new attack vectors, and free scarce IT resources for higher-value tasks.

AWS Site-to-Site VPN: New VPN Concentrator for Multi-site

🔒 AWS Site-to-Site VPN introduces VPN Concentrator, a managed feature that simplifies multi-site connectivity for distributed enterprises. It enables customers to aggregate up to 100 low-bandwidth remote sites (recommended for deployments of 25+ sites, each under 100 Mbps) behind a single attachment to AWS Transit Gateway. The concentrator reduces operational overhead, improves bandwidth utilization, and lowers per-site VPN costs.

CISA Guide: Mitigating Risks from Bulletproof Hosting

🛡️ CISA, with NSA, DoD CyCC, FBI and international partners, released Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help ISPs and network defenders disrupt abuse by bulletproof hosting (BPH) providers. The guide defines BPH as providers who knowingly lease infrastructure to cybercriminals and outlines practical measures — including curated malicious resource lists, targeted filters, traffic analysis, ASN/IP logging, and intelligence sharing — to reduce malicious activity while minimizing disruption to legitimate users.

CISA Releases Guide to Combat Bulletproof Hosting Abuse

🔒 CISA, working with U.S. and international partners, published Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to provide ISPs and network defenders with practical guidance to identify, disrupt, and mitigate abuse of bulletproof hosting. Bulletproof hosting enables obfuscation, command-and-control, malware delivery, phishing, and hosting of illicit content that supports ransomware, extortion, and DoS campaigns. The guide recommends traffic analysis, curated high-confidence malicious resource lists with automated reviews, customer notifications and filters, and standards for ISP accountability to reduce BPH effectiveness and strengthen network resilience.

AWS VPC IPAM Policies Enforce Public IPv4 Allocation

🛡️ AWS now lets administrators enforce a centralized IP allocation strategy using VPC IPAM policies, ensuring public IPv4 addresses for resources like NAT Gateways and Elastic IPs are allocated from specified IPAM pools. The centrally defined policy cannot be overridden by individual teams, improving compliance and simplifying network and security management. Available in all AWS commercial and GovCloud (US) Regions, this feature works with both Free and Advanced IPAM tiers and enables cross-account, cross-region policy control when using the Advanced tier.

AWS Network Load Balancer Adds Weighted Target Groups

🚀 AWS Network Load Balancer now supports weighted target groups, letting you distribute traffic across multiple target groups with configurable weights from 0 to 999. This enables progressive deployment strategies such as Blue-Green and Canary deployments, application migration, and A/B testing while supporting instance, IP address, and ALB targets. The capability is available across AWS commercial and GovCloud regions at no additional charge; standard NLB Capacity Unit (LCU) pricing applies.

Using Private NAT for Overlapping Private IP Spaces

🔒 Google Cloud's Private NAT enables secure private-to-private translation to connect networks with overlapping or non-routable IPv4 ranges without running NAT appliances. As a managed Cloud NAT feature, it delivers high availability, automatic scalability, and centralized control for hybrid and multi‑VPC topologies. The post includes practical gcloud examples and Network Connectivity Center use cases to guide implementation.