Corey

42%
Similarly, it would be appealing if a protocol could protect us from vulnerabilities, security compromises, and malicious attacks. Unfortunately, this is not realistic either: in most systems, if an attacker can compromise one node, they can probably compromise all of them, because they are probably running the same software. Thus, traditional mechanisms (authentication, access control, encryption, firewalls, and so on) continue to be the main protection against attackers.
Corey
This hints at the biggest misunderstanding of security that the average developer has. They tend to assume that once you are inside the network, you are safe, but that is wrong. If you start treating all your services as if they are exposed to the external internet, it forces you to take a route more in line with zero trust.
Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems