Thread: Does making your a computer a DMZ host make it insecure?

Does making your a computer a DMZ host make it insecure?

Wow.. are you serious?

On most routers you set the private IP address as "DMZ" so it will just forward ALL traffic to you, essentially negating the protection you get from NAT.

It wont MAKE your computer insecure but its not a great idea unless you keep ontop of all your patches/updates to stop yourself getting hacked.

DMZ - DeMilitarised Zone (sp..)
In short - no defenses, pure exposure.

Originally Posted by Fresh-Networks

So now i have slightly faster downloads

The faster downloads will more than likely be related to the ports all being forwarded to the download machine by means of the DMZ. The best idea is to remove the DMZ and setup port forwarding for the associated ports to the internal IP of this machine.

It's a silly name for 1:1 nat, and its quite possibly the silliest idea ever, either give the machine a routable ip or don't.

It works well for me when i want to play xbox live on my 360

If you are going to implement Demilitarized Zones then you really ought to understand what they are
http://searchwebservices.techtarget....213891,00.html

If your firewall is soooo poor that you can't get good speeds through it, i'd suggest that you need to invest in a better firewall rather than rather than make your systems less secure. Consider it similar to putting your TV outside on your driveway... you might pick up a slightly better picture outside but someone is going to steal it sooner or later.

Originally Posted by markcastle

Consider it similar to putting your TV outside on your driveway... you might pick up a slightly better picture outside but someone is going to steal it sooner or later.

Can we not just put the aerial outside and leave the TV indoors?


... anyway, back on topic.
A DMZ although better if you can live without it, isn't a problem with a windows machine fully patched with a basic firewall. At the office we have an ADSL line with 5 public IPs assigned directly to windows machines running nothing but Windows XP SP2 with the latest patches and windows firewall - never been hacked. *touch wood*


Just my two pence....

I use my routers with what I call and DMZ, except the routers are setup with public addresses on the DMZ, but filter what IP traffic actually gets through to them. Then the LAN side is private only (other than specified NAT translations) and the WAN is the connection to the ADSL network or upstream. Found that works best for us as the firewall centralises everything and you can throw a machine up publicly easily while it being secured by the firewall.

Originally Posted by SynergyWorks

At the office we have an ADSL line with 5 public IPs assigned directly to windows machines running nothing but Windows XP SP2 with the latest patches and windows firewall - never been hacked. *touch wood*

This is the sort of mentality that i just can't understand though.. it's not like a reasonable hardware firewall will break the bank, strewth you could even use an old PIII 500MHz running ipcop or m0n0wall if you are really skint, then use the software firewalls as last line of defence.

I also can't understand why on earth a hosting company would want to highlight their wide open security policy on a public forum; you must be mad. I hope you don't have any customer data / personal information or passwords on those machines. You'd likely be in breach of the data protection laws if nothing else.

Originally Posted by markcastle

This is the sort of mentality that i just can't understand though.. it's not like a reasonable hardware firewall will break the bank, strewth you could even use an old PIII 500MHz running ipcop or m0n0wall if you are really skint, then use the software firewalls as last line of defence.

I also can't understand why on earth a hosting company would want to highlight their wide open security policy on a public forum; you must be mad. I hope you don't have any customer data / personal information or passwords on those machines. You'd likely be in breach of the data protection laws if nothing else.

No customer data, and i'd be interested to hear of any known security flaws in the windows firewall & windows file sharing.

Wow, I don't use NAT, but I've got a FireBrick hardware firewall sat between the internet and everything else. I wouldn't dream of allowing Windows PC's on the network with a public IP without it.

The Windows firewall is one of the most useless bits of junk I've ever seen, too - it's so easy to bypass it's laughable. Perhaps if you used a firewall not built in to the OS, it'd be slightly more secure...