by dstjean 2716 days ago
IMO relying 100% on the end devices to protect themselves is too risky. Layered security seems to work best. Also I prefer to heavily monitor/secure two appliances/systems than heavily monitor thousands of end devices.
1 comment

> Layered security seems to work best. Also I prefer to heavily monitor/secure two appliances/systems than heavily monitor thousands of end devices

It can't be both at once. Either you have multiple layers because both the appliance and the endpoints are independently secure and the attacker has to compromise both, or you don't monitor/secure the individual endpoints and the appliances become a single layer / single point of compromise.

And if the appliances can see all the plaintext of everything then they're a single point of compromise even if the endpoints are otherwise secure, because the attacker can still read all the secrets through the man-in-the-middlebox.

What works is to leave each thing to what it's good at. The endpoints are good at inspecting the plaintext, because they inherently have to have it anyway and they have the context to understand what it's supposed to look like. So you don't end up interfering with a newer, more secure protocol because the middlebox doesn't understand it. And plaintext is sensitive data so the fewer things that have access to it the fewer things you can compromise to get access to it.

What middleboxes are really good at is certain types of access control, e.g. blacklisting malicious IP addresses for outgoing connections, or whitelisting source and destination addresses and ports for incoming connections. They keep your local IP cameras off the internet even if the cameras "should" be secure on their own.
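The access-control role described in the reply (an egress blocklist, an ingress allowlist, and keeping a camera subnet off the internet) can be modelled as a small policy check. The following is an added example, not code from the thread or its participants; the networks, hosts, ports and flows are constructed for illustration, and the "local" networks are simply the RFC 1918 ranges.

```python
"""Added example: a minimal model of the middlebox access-control policy the
comment describes. Policy data and sample flows below are constructed."""

import ipaddress
from dataclasses import dataclass

# Constructed policy data for the example.
# Outbound destinations that are never reachable from inside.
EGRESS_BLOCKLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]
# Inbound (source network, destination host, destination port) tuples allowed in;
# anything else entering is dropped (default deny).
INGRESS_ALLOWLIST = [
    (ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_address("10.0.0.10"), 443),
]
# Devices that may talk inside the LAN but must never initiate internet connections.
ISOLATED_SUBNETS = [ipaddress.ip_network("10.0.50.0/24")]  # constructed IP-camera VLAN
# RFC 1918 ranges, used to decide whether a destination is "the internet".
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    direction: str  # "out" = leaving the network, "in" = entering it


def _in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def decide(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for a single flow, evaluated in policy order."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if flow.direction == "out":
        # Isolated devices: LAN-only, regardless of how secure they "should" be.
        if _in_any(src, ISOLATED_SUBNETS) and not _in_any(dst, LOCAL_NETS):
            return "drop", "isolated device attempted internet egress"
        if _in_any(dst, EGRESS_BLOCKLIST):
            return "drop", "destination on egress blocklist"
        return "accept", "egress permitted"
    if flow.direction == "in":
        for net, host, port in INGRESS_ALLOWLIST:
            if src in net and dst == host and flow.dport == port:
                return "accept", "matched ingress allowlist"
        return "drop", "no ingress allowlist match (default deny)"
    raise ValueError(f"unknown direction {flow.direction!r}")


def audit(flows):
    """Evaluate a batch of flows; useful for replaying a constructed flow log."""
    return [(f, *decide(f)) for f in flows]


if __name__ == "__main__":
    sample = [  # constructed flow records
        Flow("10.0.50.12", "203.0.113.50", 443, "out"),  # camera -> internet
        Flow("10.0.50.12", "10.0.0.10", 554, "out"),     # camera -> internal NVR
        Flow("10.0.0.10", "203.0.113.7", 80, "out"),     # host -> blocklisted IP
        Flow("192.0.2.9", "10.0.0.10", 443, "in"),       # allowed inbound
        Flow("192.0.2.9", "10.0.0.10", 22, "in"),        # not allowlisted
    ]
    for flow, verdict, reason in audit(sample):
        print(f"{flow.direction:>3} {flow.src} -> {flow.dst}:{flow.dport}  {verdict}: {reason}")
```

Note that the policy never needs the payload: every decision is made on addresses, ports and direction, which is exactly the information a middlebox has without terminating TLS.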