netbird-docs/src/pages/manage/access-control/posture-checks/index.mdx
Brandon Hopkins a8f91c38b1 New Group and Access Policies Document and Initial Reorganization of Access Control Structure (#477)
* New Access Control and ReOrg

* Enhance Access Control Documentation and Add New Resources

- Updated `next.config.mjs` to include new redirects for access control documentation.
- Added multiple images related to access control and endpoint detection and response.
- Refactored links in various documentation files to point to the new access control structure.
- Removed outdated documentation files and created new ones for managing access control and endpoint detection.
- Introduced a new section for understanding posture checks and their implementation in access control.

This commit aims to improve the organization and clarity of access control resources, aligning with the recent restructuring of documentation.

* Remove outdated Intune MDM documentation and update links in access control resources. This commit enhances the organization of the documentation by eliminating obsolete files and ensuring all references to Microsoft Intune are correctly aligned with the new structure.

* Fix typos in access control documentation for clarity and accuracy. Updated "Understnading" to "Understanding" and corrected "NerBird" to "NetBird" in relevant sections.
* Fix typo in Access Control section
* Fix formatting in posture checks documentation
* Added a space in the Posture Checks reference for clarity.
2025-11-18 10:30:45 -08:00


# Understanding NetBird Posture Checks
Posture Checks is a security feature that enhances network protection by implementing automated assessments of a device's security status before granting network access, thus ensuring that only compliant devices can access your network resources.
In this regard, NetBird posture checks verify various aspects of a connecting device, offering granular control over network access. These checks include **verifying the NetBird client version**, allowing you to restrict access to peers with specific versions of the client software. Additionally, you can implement **geographical restrictions** based on country or region, giving you control over where connections can originate from.
The feature also allows for network-level restrictions by enabling you to **allow or block specific peer network ranges**. Furthermore, you can set constraints based on the operating system of the connecting device, **ensuring that only approved OS versions can gain access**. For an even more detailed level of control, Posture Checks can examine the running processes on a peer device, **allowing or denying access based on the presence of specific applications or services**.
By using these diverse checking capabilities, NetBird empowers you to create a robust and finely-tuned security posture for your network, significantly reducing the risk of unauthorized access and potential security breaches.
## Setting Up Posture Checks
Setting up posture checks in NetBird is straightforward. You can follow the example in the video below:
<div className="videowrapperadjusted" >
<iframe src="https://www.youtube.com/embed/-KlJUBuZrpo" allow="fullscreen;"></iframe>
</div>
Or follow the guide with other examples below:
Log in to your NetBird dashboard and navigate to `Access Control` > `Posture Checks` in the left menu. Click `Create Posture Check` or edit an existing one.
![NetBird Posture Checks](/docs-static/img/manage/access-control/posture-checks/posture-checks-01.png)
A pop-up window will open with two tabs: `Checks` and `Name & Description`.
![Create Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-02.png)
From here, you can manage access with posture checks based on several aspects:
### NetBird Client Version
Restrict access to peers with specific NetBird client versions, thus ensuring that all devices connecting to the network use up-to-date, secure client software.
![NetBird Client Version Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-03.png)
### Country and Region
Limit network access based on geographical location, helping comply with data regulations or restrict access from high-risk areas. Note that you have two tabs available for this: `Allow` (green) and `Block` (red), making it easy to set up your preferred access rules.
![Country and Region Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-04.png)
<Note>
When allowing access from specific locations in the network settings, all other locations are automatically blocked. Conversely, blocking certain locations means only those are blocked, while access remains open for all other locations.
</Note>
### Peer Network Range
This posture check lets you precisely control network access by specifying which IP ranges can connect to your network. You can create policies allowing only connections from approved locations, such as office networks or trusted remote work setups. Additionally, you can enhance security by blocking high-risk IP ranges, which works in tandem with geo-based posture checks. This granular control helps create a more secure network environment by limiting access to known, trusted sources while preventing connections from potentially risky or unauthorized IP addresses.
![Peer Network Range Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-05.png)
### Operating System
Restrict access based on the connecting device's OS, ensuring only approved and potentially more secure operating systems can connect.
![Operating System Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-06.png)
<Note>
The Operating System Check requires NetBird version [0.26.0](https://github.com/netbirdio/netbird/releases) or newer.
</Note>
The check evaluates the actual `OS version` for Android, macOS, and iOS, while for Linux and Windows, it assesses the `kernel version`.
Below are some examples of OS versions for each operating system:
* Android 14 Upside Down Cake: `14`, `14.3`
* macOS 13 Ventura: `13`, `13.6.4`
* macOS 14 Sonoma: `14`, `14.3.1`
* iOS 16 / iPadOS 16: `16`, `16.7.5`
* Linux kernel: `6`, `6.7.5`
* Windows 10, version 22H2: `10.0.19045`
* Windows 11, version 23H2: `10.0.22631`
* Windows Server 2022, Version 21H2: `10.0.20348`
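
The following dry-run models the `Allow`/`Block` semantics and the OS version examples described above, so you can see which peers a planned posture check would lock out before linking it to a policy. It is an added example, not NetBird code: the dictionary layout, the function names, the minimum-version comparison, and treating an unlisted OS as unapproved are assumptions, and the peers and addresses are constructed.

```python
import ipaddress
import re

def passes_list(listed, action):
    # "allow": only listed values pass; "block": only listed values fail.
    return listed if action == "allow" else not listed

def in_any_range(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def version_key(text):
    # "6.7.5-arch1-1" -> (6, 7, 5); a bare "14" -> (14,)
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def failed_checks(peer, check):
    """Return the names of the checks this peer would fail."""
    failed = []
    geo = check["geo"]
    if not passes_list(peer["country"] in geo["countries"], geo["action"]):
        failed.append("geo")
    net = check["network"]
    if not passes_list(in_any_range(peer["ip"], net["ranges"]), net["action"]):
        failed.append("network")
    # Assumption of this model: an OS with no configured minimum is not approved.
    minimum = check["os_min"].get(peer["os"])
    if minimum is None or version_key(peer["version"]) < version_key(minimum):
        failed.append("os")
    return failed

def dry_run(peers, check):
    return {p["name"]: failed_checks(p, check) for p in peers}

# Constructed policy and inventory (documentation IP ranges, sample versions).
CHECK = {
    "geo": {"action": "allow", "countries": {"DE", "NL"}},
    "network": {"action": "block", "ranges": ["203.0.113.0/24"]},
    "os_min": {"linux": "6", "windows": "10.0.19045", "darwin": "13.6.4"},
}
PEERS = [
    {"name": "laptop-1", "country": "DE", "ip": "198.51.100.7", "os": "linux", "version": "6.7.5-arch1-1"},
    {"name": "desktop-2", "country": "NL", "ip": "203.0.113.20", "os": "windows", "version": "10.0.22631"},
    {"name": "macbook-3", "country": "US", "ip": "192.0.2.15", "os": "darwin", "version": "13.5"},
]

if __name__ == "__main__":
    for name, failed in dry_run(PEERS, CHECK).items():
        print(name, "PASS" if not failed else "FAIL: " + ", ".join(failed))
```
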
### Process
[Limit network access based on specific applications or services running on the connecting device](https://netbird.io/knowledge-hub/limit-network-access-based-on-running-processes). By verifying specific applications or processes, you ensure that only devices running essential security software, such as antivirus, firewalls, or endpoint protection agents, can connect to your network, reducing the risk of malware entering your network through unprotected devices. It also aids in maintaining compliance with regulatory requirements by enforcing consistent security measures across all devices.
Furthermore, this process-based posture check allows you to create specific policies for different user groups or network segments based on their unique security needs. Working in conjunction with other posture checks in NetBird, this setting offers a comprehensive and user-friendly approach to network security.
![Process Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-07.png)
## Name & Description
After enabling the desired posture check, go to the `Name & Description` tab. Here, enter a descriptive name for your newly created posture check and save it.
![Name your Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-08.png)
You'll notice a gray dot to the left of the posture check name, indicating it's inactive. To activate the posture check, you need to link it to an access control policy.
![New Posture Check](/docs-static/img/manage/access-control/posture-checks/posture-checks-09.png)
## Applying Posture Checks to Access Control Policies
To apply a posture check:
* [Create or edit an access control policy](https://docs.netbird.io/access-control).
* Find the `Posture Checks` tab within the policy settings.
* Choose `Browse Checks` to select an existing check or `New Posture Check` to create one.
Note that you can add multiple posture checks to a single policy as needed for comprehensive security.
![Add Posture Check to Access Control Policy](/docs-static/img/manage/access-control/posture-checks/posture-checks-10.png)
After adding the posture check, it will appear in the `POSTURE CHECKS` column. For easy management, you can click on it to edit the access control policy, allowing you to add or remove posture checks as needed.
![Access Control Policies Dashboard](/docs-static/img/manage/access-control/posture-checks/posture-checks-11.png)
If you revisit the `Posture Checks` dashboard, you'll notice a green dot next to your recently configured posture check. This color shift indicates that the posture check is now active and integrated into your network security framework, actively contributing to your system's protection.
![Posture Checks Dashboard](/docs-static/img/manage/access-control/posture-checks/posture-checks-12.png)
Following these steps, you can effectively implement and manage NetBird's Posture Checks, significantly enhancing your network's security posture.
## Get started with NetBird
<p float="center" >
<Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>
</p>
- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
- Follow us [on X](https://x.com/netbird)
- Join our [Slack Channel](/slack-url)
- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub