Standard firewalls and IDS are almost useless on the modern Internet. Just open an HTTPS connection and you basically can do whatever you want. The """solutions""" create as many security problems as they solve. Installing them end-to-end on every single device? It can be Zero Trust networking; it can also be computers with a backdoor. Another solution is MITMing all TLS connections, which is also more likely to be deployed and used by someone else rather than myself, effectively spyware to everyone else. Even the middlebox can be a huge target. A megacorp definitely would sacrifice everyone's privacy to protect corporate information. For everyone else, it's an undesirable decision.
@niconiconi
So... Don't use firewall and IDS???
@niconiconi
So your solution is to monitor traffic from each node via locally run MITM? That sounds like a big performance hit.
@niconiconi
My apologies for misunderstanding. I was beginning to wonder if you were insinuating that by using firewall/IDS, one might as well send network traffic in clear text across the global network.
@lucifargundam@qoto.org No, what I meant is that E2EE and IDS are fundamentally in conflict with each other. The former prevents traffic capturing and the latter captures traffic. No clear solution exists (if it can even be solved).