Knowing not much about network appliances and their role etc., when you're building a company, starting from scratch, are there good rules of thumb to not fall for the "enterprisey compromisey" piece of junk that such companies (Huawei -- state-sponsored espionage -- ZTE, Barracuda, etc.) do sell?
Is there anything you can do to be at least a little bit safe?
Are there vendors that still value security or is it just accepted now that MITM and state-sponsored attacks are a normal way of operating?
In the long run, I have more faith in software defined networking to de-shitify this space than any other single solution.
We're actually working on some tech solutions which might help in the software defined networking security area, but it'll be 6-12 months. Ideally some of it will be open sourced and/or standardized.
Which is where leveraging Open Source comes into play. We have ROMs for home networking gear, we have bootable distros for security purposes, we have open source builds for Android. No reason similar projects couldn't be aimed at enterprise type kit. You'd still require hardware manufacturers, though open standards and whitebox builds might come into being. And there'd be distro wars, but very likely 2-3 lead contenders that would be the default safe choice.
You have to maintain a crappy closed firewall just as much as you have to maintain an open source one. In fact, installing, configuring and maintaining an OpenBSD firewall is much easier and less involved than any of the commercial firewalls I've had the misfortune of using.
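As an added illustration of the OpenBSD point above (not part of the comment, and not taken from any project), here is a hypothetical minimal default-deny pf ruleset. The interface name `em0`, the admin subnet `192.0.2.0/24` and the allowed ports are constructed placeholders; the structure (block everything, then pass only what is explicitly needed, stateful) is the part worth copying.

```conf
# /etc/pf.conf - hypothetical minimal default-deny ruleset (added example)

# Constructed placeholders: adjust to your own interface and admin network.
ext_if   = "em0"
admin_net = "192.0.2.0/24"

# Do not filter loopback traffic.
set skip on lo

# Drop packets with spoofed source addresses arriving on the external interface.
antispoof quick for $ext_if

# Default deny: anything not explicitly passed below is blocked.
# Use "block" rather than "block return" so scanners get no response.
block all

# Allow outbound connections initiated by this host, tracking state
# so replies are accepted without a separate inbound rule.
pass out on $ext_if inet keep state

# Inbound: SSH only from the admin network, HTTPS from anywhere.
pass in on $ext_if inet proto tcp from $admin_net to ($ext_if) port 22 keep state
pass in on $ext_if inet proto tcp to ($ext_if) port 443 keep state

# Allow inbound ICMP echo requests so basic reachability checks still work.
pass in on $ext_if inet proto icmp icmp-type echoreq keep state
```

Before loading it, parse it without applying (`pfctl -nf /etc/pf.conf`), then load with `pfctl -f /etc/pf.conf`; `pfctl -sr` prints the active rules so you can confirm the default-deny block is in place and nothing broader slipped in.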