< ciso
brief />
Tag Banner

All news with #network security tag

150 articles · page 7 of 8

Legacy Windows Protocols Enable Network Credential Theft

🔒 Resecurity warns that legacy Windows name-resolution protocols continue to expose organisations to credential theft when attackers share the same local network. By poisoning LLMNR and NBT-NS broadcasts using tools such as Responder, attackers can capture usernames, domain context and password hashes without exploiting a software vulnerability. Recommended mitigations include disabling these protocols via Group Policy, blocking UDP 5355, enforcing SMB signing, reducing NTLM, and monitoring for anomalous traffic.
read more →

Google Cloud launches Network Security Learning Path

🔒 Google Cloud has launched a Network Security Learning Path culminating in the Designing Network Security in Google Cloud skill badge to help organizations secure dynamic cloud networks. The program covers design, build, and management of secure VPCs, GKE lockdown, NGFW rules, Cloud VPN/Interconnect, and Cloud Armor for WAF and DDoS protection. Learners validate skills through a hands-on break-fix challenge lab simulating incidents like firewall policy breaches and data exfiltration.
read more →

VPC Lattice Enables Configurable IPs for Resource Gateways

🔧 Amazon Web Services announced that Amazon VPC Lattice now lets you configure the number of IPv4 addresses assigned to resource gateway ENIs. The selected IPv4 count is immutable after creation and directly affects network address translation capacity and the maximum concurrent IPv4 connections to backend resources. By default VPC Lattice assigns 16 IPv4 addresses per ENI; for IPv6 it always assigns a /80 CIDR per ENI. This capability is available at no additional cost in all Regions where VPC Lattice is offered.
read more →

AWS Direct Connect adds 10G/100G with MACsec in Makati City

🔒 AWS has expanded AWS Direct Connect capacity at the ePLDT data center near Makati City, Philippines, adding 10 Gbps and 100 Gbps dedicated connections with MACsec encryption. Customers at this Direct Connect location can establish private, direct access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones. The update delivers higher throughput and enhanced in‑flight protection for hybrid and colocated workloads, improving performance and security compared with internet-based connectivity.
read more →

Amazon EC2 Instance Connect Endpoint Adds IPv6 Support

🌐 Amazon EC2 Instance Connect Endpoint now supports IPv6 connectivity. Customers can configure endpoints as dual-stack or IPv6-only to connect to instances with IPv6 addresses and continue using SSH and RDP without public IPv4 addresses. The capability is available in all AWS Commercial Regions, AWS GovCloud (US), and China Regions and works via the AWS Console, AWS CLI, and standard SSH/RDP clients. It maintains backward compatibility with existing IPv4 deployments.
read more →

AWS DataSync Supports VPC Endpoint Policies and FIPS

🔒 AWS DataSync now supports VPC endpoint policies, enabling administrators to control access to DataSync API operations through VPC service endpoints, including FIPS 140-3 enabled endpoints. You can restrict specific actions such as CreateTask, StartTaskExecution, or ListAgents and combine these controls with identity-based and resource-based policies. The capability is available in all AWS Regions and helps strengthen security posture and compliance when accessing DataSync via VPC endpoints.
read more →

AWS Cloud WAN Now Available Across AWS GovCloud Regions

🛰️ AWS has made AWS Cloud WAN available in AWS GovCloud (US-West) and AWS GovCloud (US-East) as of Oct 1, 2025. The service provides a central dashboard and policy-driven networking to create a global network that spans VPCs, Transit Gateways, and on-premises locations. It supports BGP-based global route exchange and connectivity via Site-to-Site VPN, Direct Connect, or third-party SD-WAN solutions. The dashboard offers consolidated visibility into network health, security, and performance to simplify operations.
read more →

Amazon FSx for NetApp ONTAP Adds IPv6 Support in AWS Regions

🌐 Amazon Web Services now supports IPv6 access for Amazon FSx for NetApp ONTAP file systems. Customers can connect using IPv4, IPv6, or dual-stack clients without requiring translation infrastructure, simplifying IPv6 adoption and compliance with mandates such as OMB M-21-07. IPv6 is available for new file systems across all AWS Commercial and GovCloud regions; existing systems will receive support during an upcoming maintenance window.
read more →

Amazon FSx for Windows File Server Adds IPv6 Support

🌐 Amazon FSx for Windows File Server now supports IPv6, enabling new file systems to be accessed over IPv4, IPv6, or dual‑stack clients without requiring address translation. The capability is available immediately in all AWS Commercial and AWS GovCloud (US) regions where FSx is offered; existing file systems will receive IPv6 during an upcoming maintenance window. This change helps customers address IPv4 exhaustion and comply with mandates such as the US OMB M‑21‑07. See the FSx user guide for configuration and migration details.
read more →

AWS Network Firewall Adds Reject and Alert for Domain Rules

🔒 AWS Network Firewall now supports Reject and Alert actions for stateful domain list rule groups via the console, enabling more granular control over domain-based traffic. The Reject action blocks specified domains, while the Alert action logs and monitors traffic without disrupting flows. This feature is available in all Regions and supports TLS inspection configuration through the VPC Console or the Network Firewall API, helping organizations refine policy enforcement and observability.
read more →

Monitoring AS-SETs and Their Importance for BGP Operations

🔎 Cloudflare Radar now publishes public IRR AS-SET monitoring on each ASN routing page, enabling operators to inspect, filter, and export AS-SET memberships and inclusion trees. The feature surfaces inferred ASN, IRR sources, counts of AS and AS-SET members, AS cone sizes, and upstream relationships, and provides direct/indirect toggles for focused views. These capabilities help build accurate BGP route filters, detect misuse, and reduce the risk of route leaks by making AS-SET data easier to validate and share.
read more →

Cloudflare Uses Massive Data to Boost Global Network

⚡ Cloudflare is leveraging telemetry from its vast Free Plan and global edge to refine congestion control and improve routing across its network. By combining passive connection logs, Real User Measurement (RUM) and cross-network models, the team evaluates multiple algorithms beyond classic loss-based and BBR approaches. A migration to a Rust-based stack enables faster experimentation and parameter tuning; early QUIC tests show up to 10% performance gains. Cloudflare plans staged rollouts through 2026 and offers enterprise early access.
read more →

Cloudflare Uses Global Performance Data to Reduce Congestion

🔍 Cloudflare explains how it leverages the world’s largest performance dataset, combining passive transport logs with Real User Measurement (RUM), to refine congestion control across its global network. Using a new Rust-based stack and experimentation framework, the company evaluates multiple algorithms (including BBR) to predict user experience from passive signals and validate with RUM. Early tests on free-tier QUIC traffic show roughly 10% average improvement versus the prior baseline, with staged rollouts and an early-access program planned for enterprises.
read more →

AWS Network Firewall Enhances Application-Layer Controls

🔐 AWS released enhanced default application-layer rules for AWS Network Firewall to better handle TLS client hellos and HTTP requests that are split across multiple packets. The update adds new default stateful actions — drop and alert established — enabling security teams to enforce controls without complex custom rules while supporting modern TLS implementations and large HTTP requests. Detailed logging preserves visibility. Available in all supported AWS Regions.
read more →

Amazon VPC Reachability and Network Access Analyzer Expand

🛰️ Amazon has expanded VPC Reachability Analyzer and VPC Network Access Analyzer to seven additional regions — New Zealand, Hyderabad, Melbourne, Taipei, Calgary, Tel Aviv, and Mexico Central. Reachability Analyzer diagnoses network reachability between source and destination resources, while Network Access Analyzer identifies unintended access paths that may bypass security controls. This regional launch improves troubleshooting, compliance checks, and multi-account network visibility; pricing and documentation are available through AWS resources.
read more →

Network Performance Whitepapers: Retransmits, MTU, and PPS

🔍 This post introduces the third installment in Google Cloud’s Network Performance Decoded series, summarizing three whitepapers that examine TCP retransmission tuning, the effects of headers and MTU on effective throughput, and techniques to measure packets-per-second with netperf. The guidance highlights practical kernel tuning (for example, rto_min and thin linear timeouts), how protocol and cloud-specific headers reduce payload efficiency, and rigorous netperf methodologies for sizing tests and correcting skew when measuring PPS. While examples reference Google Cloud features such as Protective ReRoute, the recommendations are broadly applicable to cloud deployments seeking improved responsiveness and accurate benchmarking.
read more →

AWS Step Functions Adds IPv6 Dual-Stack Endpoint Support

🌐 AWS Step Functions now supports IPv6 via new dual-stack IPv4/IPv6 endpoints, enabling customers to send IPv6 traffic directly to the service. The enhancement preserves backwards compatibility with existing IPv4 endpoints and enables PrivateLink interface VPC endpoint connectivity so workloads can access Step Functions privately without traversing the public internet. IPv6 support is generally available in several US commercial and GovCloud regions.
read more →

AWS Network Firewall: SNI Session Holding for TLS Guide

🔒 AWS Network Firewall now offers SNI session holding to strengthen TLS inspection by validating the TLS SNI before initiating an outbound TCP connection. When enabled, the firewall holds TCP/TLS establishment until it receives the ClientHello SNI and evaluates it against Suricata-based TLS inspection rules, preventing any contact with disallowed endpoints. Administrators can enable this option in a TLS inspection configuration via the AWS Management Console, AWS CLI, or AWS SDK; it’s available in Regions including GovCloud and China and is billed as part of TLS advanced inspection.
read more →

GKE Network Interface: From kubenet to the AI backbone

📡 Over the past decade, Google Cloud evolved GKE pod networking from basic kubenet and route-based clusters to VPC-native alias IPs and the eBPF-powered Cilium Dataplane V2, improving performance, scalability, and observability. The platform now supports extreme-scale AI workloads with multi-NIC, terabit throughput, and persistent IPs for stateful functions. Looking forward, Google is exploring the Kubernetes Network Driver and the DRANET reference to expose node-level network resources via Dynamic Resource Allocation.
read more →

AWS Storage Gateway Adds IPv6 Dual-Stack Support Globally

🌐 AWS Storage Gateway now supports IPv6 for endpoints, APIs, and gateway appliance interfaces, offering new dual‑stack access alongside IPv4. Existing IPv4-only endpoints remain available for backward compatibility. Customers can standardize on IPv6 or transition gradually using the dual‑stack appliances and APIs. Support is available in all AWS Regions where the service is offered.
read more →