Implementation of Enhanced Node Authorisation Features for Increased Security Across All User Tiers
Is your feature request related to a problem? Please describe.
The current NetBird setup potentially allows insiders or compromised accounts to add unauthorised nodes to networks. This issue raises serious concerns not only for organisations but also for personal users who might store sensitive data or operate home-based IoT setups needing secure, controlled access. For instance, significant breaches in 2023, including those impacting large organisations like T-Mobile and Twitter, highlight the urgent need for enhanced security features to prevent unauthorised access (The Independent) (NordLayer) (IdentityIQ).

Describe the solution you'd like
I propose the introduction of a feature similar to Tailscale's "tailnet lock," but tailored to NetBird's system architecture. This feature would involve a robust node authorisation mechanism requiring explicit approval for each new node's integration into the network through a secure and verifiable process. Ideally, this would use cryptographic signatures verified against a list of pre-approved signatories within the user's network—ensuring no node joins without proper authorisation from a trusted entity. It's crucial that this feature operates independently of the central coordination server, which could be a vulnerability if compromised.

Describe alternatives you've considered
While a two-factor authentication system for adding new nodes, requiring secondary admin confirmation, could be an alternative, this system might still depend on the security of the central coordination server, posing a risk if compromised. This method could potentially be less secure than a decentralised signature verification system.

Additional context
The necessity for this feature goes beyond enterprise applications and is critical for personal users. The record-breaking number of breaches in 2023, along with the evolution of cyber threats from ransomware to data theft and extortion, shows the urgency of fortifying personal information. By implementing such security measures, NetBird would significantly enhance trust in its platform, ensuring that users at all levels—whether large enterprises or individual users—can maintain control over their networks without fear of internal threats or breaches. This feature is vital for upholding the integrity and security of private networks, protecting them against both external attacks and internal vulnerabilities (CRN).
@Ezirius I might be downplaying the issue, but isn't the Peer Approval feature already covering this use case? It might not have been there yet when you originally posted the issue.
Combining this with automated verification script/tooling created by and tailored to a specific organization's needs should be covering the whole use case?
@nazarewk The cool thing about the "Tailnet Locking" feature of Tailscale is that it doesn't rely on a central server; it is just public key cryptography that works and ensures security even if NetBird's central coordination server is compromised: nobody can join your network unless the private key of a signing node signs the public key of the new node.
My details might not be 100% accurate but I think it covers the idea.
"Peer Approval" from what I understand is relying on NetBird to approve new nodes or people joining, right?
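To make the mechanism described in the issue and in the comment above concrete, here is a small Go example written for this page. It is not NetBird's code and not Tailscale's tailnet lock implementation; the `NetworkLock` structure, the `JoinRequest` shape, the domain-separation prefix and the use of Ed25519 are all assumptions chosen for illustration. The point it shows: every existing peer holds the list of pre-approved signing keys itself, so a join request is accepted only if a key on that list signed the newcomer's public key, and a signature produced by any other key (such as one held by a compromised coordination server) is rejected without the server having any say.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Domain-separation prefix so a lock signature cannot be reused as some
// other message signed by the same key. Assumed value, not NetBird's.
const lockPrefix = "example-netbird-lock/v0/admit-peer:"

// NetworkLock is the locally held list of pre-approved signatories.
// Assumed structure: every peer keeps its own copy, so the coordination
// server never decides who is trusted.
type NetworkLock struct {
	trustedSigners map[string]ed25519.PublicKey // hex(public key) -> key
}

// JoinRequest is what a new peer presents: its own public key plus a
// signature over that key made by one of the trusted signatories.
type JoinRequest struct {
	PeerPubKey ed25519.PublicKey
	SignerID   string // hex of the signing key, used to look it up in the lock
	Signature  []byte
}

// NewLock builds a lock from the signing keys an operator has pre-approved.
func NewLock(signers ...ed25519.PublicKey) *NetworkLock {
	l := &NetworkLock{trustedSigners: make(map[string]ed25519.PublicKey)}
	for _, s := range signers {
		l.trustedSigners[hex.EncodeToString(s)] = s
	}
	return l
}

// signedMessage binds the signature to this purpose and to this peer key.
func signedMessage(peerPub ed25519.PublicKey) []byte {
	return append([]byte(lockPrefix), peerPub...)
}

// Authorise is run by an operator holding a signing key; the result is
// handed to the new peer (out of band) to present when it joins.
func Authorise(signer ed25519.PrivateKey, peerPub ed25519.PublicKey) JoinRequest {
	signerPub := signer.Public().(ed25519.PublicKey)
	return JoinRequest{
		PeerPubKey: peerPub,
		SignerID:   hex.EncodeToString(signerPub),
		Signature:  ed25519.Sign(signer, signedMessage(peerPub)),
	}
}

// Verify is run by every existing peer before it accepts the newcomer.
// The key length check matters: ed25519.Verify panics on a wrong-size key,
// so a malformed request must be rejected before reaching it.
func (l *NetworkLock) Verify(req JoinRequest) error {
	if len(req.PeerPubKey) != ed25519.PublicKeySize {
		return errors.New("malformed peer public key")
	}
	signerPub, ok := l.trustedSigners[req.SignerID]
	if !ok {
		return errors.New("signer is not in the list of pre-approved signatories")
	}
	if !ed25519.Verify(signerPub, signedMessage(req.PeerPubKey), req.Signature) {
		return errors.New("signature does not cover this peer key")
	}
	return nil
}

func main() {
	// Constructed keys: an operator's signing key, a key standing in for a
	// compromised coordination server, and the new peer's key.
	adminPub, adminPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	peerPub, _, _ := ed25519.GenerateKey(rand.Reader)

	lock := NewLock(adminPub)
	fmt.Println("operator-signed join:", lock.Verify(Authorise(adminPriv, peerPub)))
	fmt.Println("server-signed join:  ", lock.Verify(Authorise(serverPriv, peerPub)))
}
```

The trust decision lives entirely in the `trustedSigners` map each peer carries; whoever controls the coordination server can still relay join requests but cannot manufacture an acceptable one without a listed signing key. Adding or rotating signatories would itself have to be a signed change to that list, which is the part a real design would need to specify next.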
Currently, you could set a PSK on each peer. The mgmt server won't know about it, and peers that don't have it set won't be able to connect to the others.
Unfortunately, the peer approval feature is limited to NetBird Cloud and not available in the self-hosted edition. IMHO, this is a very essential security feature (even if indeed a signature-based feature like tailnet lock would be even better).