Nebula rollback options in case of malicious admin action

henriquev (Posts: 19, Freshman Member)

Hello,

We manage a Nebula deployment with 200+ sites and expect to add 600+ more. We’d like to understand what recovery options exist if an administrator with malicious intent deletes all sites and backups.

Specifically:

  • Is there a rollback or restore mechanism for Nebula itself?
  • If needed, can Zyxel support assist with a rollback?

Accepted Solution

  • Zyxel_Melen (Posts: 4,134, Zyxel Employee)
    Answer ✓

    Hi @henriquev

    1. No rollback or restore option on Nebula.
    2. We will assist in recovering. (Might not fully recover)

    May I know if you need any assistance now?

    Zyxel Melen


All Replies

  • GiuseppeR (Posts: 539, Master Member)

    Hi @Zyxel_Melen

    I think that this request from @henriquev is really interesting.

    To avoid issues, I give read-only permissions, and read-write when it is needed; anyway, it is stressful because you have to remember to restrict the permissions again.

    It would be sufficient to use an approach similar to VM snapshots: the owner of the ORG can save snapshots of his whole ORG, whenever he wants or at a scheduled time, and revert to a past snapshot to get the whole config back in working order.

    You just did something similar with the H series firewall:

    [image: immagine.png]

  • henriquev (Posts: 19, Freshman Member)

    We are very strict with write permission as well. There is an issue, though: to change a site label/tag you have to have write permission in the organization. With 200+ sites, I have to waste my time changing labels when needed or drop this feature altogether.

  • GiuseppeR (Posts: 539, Master Member)

    On Nebula I see only "Read" and "ReadWrite" options for users.

    Unfortunately, there is no topology on which permission you can give to others.

  • Zyxel_Melen (Posts: 4,134, Zyxel Employee)

    Well, since deleting a site and backup (configuration management) are org-level functions, you can give some admins only site privilege (org privilege is none) to prevent potential risks.

    Zyxel Melen

