Skip to content
Aether Platform

Deep Defense & Security

NCS does more than just transport packets. It provides advanced security features that inspect traffic content and block threats.

DNS Filtering

All outbound traffic from workspaces goes through the NCS DNS resolver.

  • Threat Blocking: Blocks DNS resolution for known C2 (Command & Control) servers and malware distribution sites.
  • Domain Whitelisting: Define “allowed domains” per project in a whitelist format (e.g., allow only github.com and pypi.org).

SSL Bump (Traffic Inspection)

For enterprise policies requiring inspection of encrypted traffic, the SSL Bump feature is available.

  1. Interception: NCS temporarily terminates the SSL/TLS session.
  2. Inspection: Decrypted streams are scanned for viruses or data leakage (DLP).
  3. Re-encryption: Only safe data is re-encrypted and sent to the destination.

Note: This feature is opt-in and disabled by default for privacy.

Network Segmentation

NCS creates virtual network segments based on “Identity”. Even if residing in the same physical cluster, packets from different projects (tenants) never mix.