NetBird Posture Checks: Access Control for Modern Organizations

Today, organizations face the critical challenge of maintaining robust access control across their IT infrastructure. As networks grow more complex and threats become increasingly sophisticated, traditional access control methods often fall short, leaving businesses vulnerable to security breaches and operational inefficiencies.

Key challenges include:

  • Dynamic infrastructures
  • Need for granular control
  • Scalability issues

NetBird's Posture Checks feature offers:

  • Adaptive, context-aware access
  • Highly granular policies
  • Effortless scalability

This solution enhances security and efficiency by:

  • Reducing unauthorized access risk
  • Automating policy-based control
  • Enabling business agility

Let's delve into the details of how NetBird's Posture Checks feature transforms access control, making it more secure, efficient, and adaptable for modern enterprises.

Understanding NetBird Posture Checks

Posture Checks is a security feature that enhances network protection by implementing automated assessments of a device's security status before granting network access, thus ensuring that only compliant devices can access your network resources.

In this regard, NetBird posture checks verify various aspects of a connecting device, offering granular control over network access. These checks include verifying the NetBird client version, allowing you to restrict access to peers with specific versions of the client software. Additionally, you can implement geographical restrictions based on country or region, giving you control over where connections can originate from.

The feature also allows for network-level restrictions by enabling you to allow or block specific peer network ranges. Furthermore, you can set constraints based on the operating system of the connecting device, ensuring that only approved OS versions can gain access. For an even more detailed level of control, Posture Checks can examine the running processes on a peer device, allowing or denying access based on the presence of specific applications or services.

By using these diverse checking capabilities, NetBird empowers you to create a robust and finely-tuned security posture for your network, significantly reducing the risk of unauthorized access and potential security breaches.

Setting Up Posture Checks

Setting up posture checks in NetBird is straightforward. The guide below walks through each check type with examples:

Log in to your NetBird dashboard and navigate to Access Control > Posture Checks in the left menu. Click Create Posture Check or edit an existing one.

A pop-up window will open with two tabs: Checks and Name & Description.

From here, you can manage access with posture checks based on several aspects:

NetBird Client Version

Restrict access to peers with specific NetBird client versions, thus ensuring that all devices connecting to the network use up-to-date, secure client software.

Country and Region

Limit network access based on geographical location, helping comply with data regulations or restrict access from high-risk areas. Note that you have two tabs available for this: Allow (green) and Block (red), making it easy to set up your preferred access rules.

Peer Network Range

This posture check lets you precisely control network access by specifying which IP ranges can connect to your network. You can create policies allowing only connections from approved locations, such as office networks or trusted remote work setups. Additionally, you can enhance security by blocking high-risk IP ranges, which works in tandem with geo-based posture checks. This granular control helps create a more secure network environment by limiting access to known, trusted sources while preventing connections from potentially risky or unauthorized IP addresses.

Operating System

Restrict access based on the connecting device's OS, ensuring only approved and potentially more secure operating systems can connect.

The check evaluates the actual OS version for Android, macOS, and iOS, while for Linux and Windows, it assesses the kernel version.

Below are some examples of OS versions for each operating system:

  • Android 14 Upside Down Cake: 14, 14.3
  • macOS 13 Ventura: 13, 13.6.4
  • macOS 14 Sonoma: 14, 14.3.1
  • iOS 16 / iPadOS 16: 16, 16.7.5
  • Linux kernel: 6, 6.7.5
  • Windows 10, version 22H2: 10.0.19045
  • Windows 11, version 23H2: 10.0.22631
  • Windows Server 2022, version 21H2: 10.0.20348

Process

Limit network access based on specific applications or services running on the connecting device. By verifying specific applications or processes, you ensure that only devices running essential security software, such as antivirus, firewalls, or endpoint protection agents, can connect to your network, reducing the risk of malware entering your network through unprotected devices. It also aids in maintaining compliance with regulatory requirements by enforcing consistent security measures across all devices.

Furthermore, this process-based posture check allows you to create specific policies for different user groups or network segments based on their unique security needs. Working in conjunction with other posture checks in NetBird, this setting offers a comprehensive and user-friendly approach to network security.
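
The check types described above combine into one allow-or-deny decision per peer. The Python model below is an added illustration, not NetBird's code or API schema: the field names, the rule that every check must pass, the handling of unlisted operating systems, and the purely numeric dotted versions are assumptions, and the policy and peers are constructed.

```python
# Added illustration: a model of the checks described on this page.
# Field names and matching rules are assumptions, not NetBird's schema or code.
import ipaddress

def ver(s):
    """'10.0.22631' -> (10, 0, 22631); numeric compare, not string compare."""
    return tuple(int(p) for p in s.split("."))

def at_least(actual, minimum):
    a, m = ver(actual), ver(minimum)
    n = max(len(a), len(m))                      # pad so "14" == "14.0.0"
    return a + (0,) * (n - len(a)) >= m + (0,) * (n - len(m))

def listed(value, rule, match):
    """Apply a rule of the form {"action": "allow" | "block", "items": [...]}."""
    hit = any(match(value, item) for item in rule["items"])
    return hit if rule["action"] == "allow" else not hit

def in_range(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def failed_checks(peer, policy):
    """Return the names of the checks the peer fails; an empty list means access."""
    failed = []
    if not at_least(peer["client_version"], policy["min_client_version"]):
        failed.append("client_version")
    min_os = policy["min_os_version"].get(peer["os"])  # assumption: unlisted OS fails
    if min_os is None or not at_least(peer["os_version"], min_os):
        failed.append("os_version")
    if not listed(peer["country"], policy["country"], lambda v, i: v == i):
        failed.append("country")
    if not listed(peer["ip"], policy["network_range"], in_range):
        failed.append("network_range")
    if not set(policy["required_processes"]) <= set(peer["processes"]):
        failed.append("process")
    return failed

# Constructed sample policy and peers (documentation IP ranges, made-up values).
POLICY = {
    "min_client_version": "0.28.0",
    # Windows and Linux are matched on kernel version, as the page notes.
    "min_os_version": {"windows": "10.0.22631", "linux": "6.7.5", "macos": "13.6.4"},
    "country": {"action": "allow", "items": ["DE", "NL"]},
    "network_range": {"action": "block", "items": ["198.51.100.0/24"]},
    "required_processes": ["edr-agent"],
}
WIN10 = {"client_version": "0.28.4", "os": "windows", "os_version": "10.0.19045",
         "country": "DE", "ip": "203.0.113.7", "processes": ["edr-agent"]}
LINUX = {"client_version": "0.28.4", "os": "linux", "os_version": "6.10.2",
         "country": "DE", "ip": "203.0.113.7", "processes": ["edr-agent"]}
```

The Windows 10 peer fails only the OS check because its kernel version 10.0.19045 is below the Windows 11 23H2 value 10.0.22631, while the Linux peer on kernel 6.10.2 passes a 6.7.5 minimum only because versions are compared numerically rather than as strings.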

Naming and saving

After enabling the desired posture check, go to the Name & Description tab. Here, enter a descriptive name for your newly created posture check and save it.

You'll notice a gray dot to the left of the posture check name, indicating it's inactive. To activate the posture check, you need to link it to an access control policy.

Applying Posture Checks to Access Control Policies

To apply a posture check:

Note that you can add multiple posture checks to a single policy as needed for comprehensive security.

After adding the posture check, it will appear in the POSTURE CHECKS column. For easy management, you can click on it to edit the access control policy, allowing you to add or remove posture checks as needed.

If you revisit the Posture Checks dashboard, you'll notice a green dot next to your recently configured posture check. This color shift indicates that the posture check is now active and integrated into your network security framework, actively contributing to your system's protection.

Following these steps, you can effectively implement and manage NetBird's Posture Checks, significantly enhancing your network's security posture.
