Summit Roofing Co.
Zero-trust access review over NetBird — peers, policies and posture, with an approval-gated tighten action.
Peers <span style='background:#241f14;color:#e0b000;border:1px solid #6b5a1e;border-radius:5px;padding:2px 9px;font-size:11px;font-weight:700'>SAMPLE — set NETBIRD_API_TOKEN</span>
| Peer | OS | Overlay IP | Groups | State | Flags |
|---|
| evo-x2-control | Ubuntu 24.04 | 100.92.0.1 | control-plane | connected | ssh |
| proxmox-01 | Debian 12 | 100.92.0.2 | cores | connected | — |
| laptop-alex | macOS 15 | 100.92.0.7 | admins | offline | login expired, ssh |
| contractor-vm | Windows 11 | 100.92.0.9 | All | connected | pending approval, ssh |
Access policies
| Policy | Source → Destination | Proto | Verdict |
|---|
| Default | All → All | all | over-broad |
| admins→cores | admins → cores | tcp:22 | scoped |
Risks & least-privilege
- HIGH policy 'Default' rule 'Default' allows All→All (all) — over-broad
- MEDIUM peer 'laptop-alex' has an expired login — should re-authenticate
- HIGH peer 'contractor-vm' is pending approval — unapproved device on the network
- MEDIUM peer 'contractor-vm' has SSH enabled while in the 'All' group
Ask the agent to propose a tightened policy — it stages the change and waits for your approval before touching NetBird.