I would love to know the opinions of network enthusiasts on NetBird, Pangolin and whether there are perhaps even better ways to do resource access management, zero trust and so on.
speaking for my own infrastructure, i generally don't want to rely on anything that considers itself a marketable product rather than a technology of the public
i've heard about netbird before but never tried it, though from the fact that it calls itself a "wireguard-based overlay network" it is already hinting at the fact that it is indeed not zero trust
when accessing a web service for example, with an OIDC-enabled SSO that authenticates the browser session of the user, one can meaningfully restrict access to that browser. in their scenario of an employee running malware where they get pwned, that is because they do the opposite of zero-trust and blindly route all network traffic to the intranet, just because it runs on the same machine
i think this is very misleading
also lmao at these supposed network security experts telling you to install their product by running a curl pipe bash command
i think what you might like is the PAM-integration of kanidm, which also does SSO-bound ssh to remote machines. ssh3 as a protocol is also very much about OIDC-integration, so this is definitely not some killer feature of netbird
i can't speak precisely about their security model because they do not seem to provide a whitepaper and only marketing pages full of buzzwords meant for executives