+ Reply to Thread
Page 1 of 2
1 2 LastLast
Results 1 to 15 of 22

Thread: Does making your a computer a DMZ host make it insecure?

  1. #1

    Talking Does making your a computer a DMZ host make it insecure?

    Hey, Just a Fresh question.

    I have been experiencing uber slow downloads on My P2P programs and torrent clients on my lean mean p3 downloading machine . And one of them said something about NAT/Firewall settings. So i had a fiddle in my wireless routers control panel (bt voyager 2000) and came across DMZ host, stating:

    DMZ Host

    A DMZ host is a computer on your network that can be accessed from the Internet regardless of NAT, virtual server and firewall settings.

    Setting-up a DMZ host has implication on the security of your network. Only set-up DMZ if you understand the consequences.

    Since it said ' Regardless of NAT ' i went ahead

    So now i have slightly faster downloads, just dont want my 6 month on the trot non-stop p3 system windows installation dying because of some ex-customer who hate me or something hacking me. :<

    (ps only has windows firewall and AVG free)


    Kind Regards, Lee.

  2. #2
    Certified VIP Host
    I have made 3937 posts
    313 posts within 6 months
    Contact Me, Company profile
    markcastle is on a distinguished road
    Does making your a computer a DMZ host make it insecure?
    Wow.. are you serious?
    ••• Mark Castle ••• Secura Hosting Ltd •••
    ••• Managed Hosting •••
    ••• AS29452UK Company Reg No: 04330657VAT Number: 789 2703 81Sales: 0845 123 2632 •••
    My views are my own and not those of my company.

  3. #3
    Yes I never really bothered studying wireless, just there because i dont want to drill holes all around my house for cables :<

  4. #4
    Mooharr
    no reviews yet. Post Review
    Certified VIP Host
    I have made 2376 posts
    277 posts within 6 months
    Contact Me, Company profile
    JamesSykes is on a distinguished road
    On most routers you set the private IP address as "DMZ" so it will just forward ALL traffic to you, essentially negating the protection you get from NAT.

    It wont MAKE your computer insecure but its not a great idea unless you keep ontop of all your patches/updates to stop yourself getting hacked.
    Mooharr
    E-Mail Hosting Services

    These are not my views and i cannot be held accountable for anything he says.

  5. #5
    Certified VIP Host
    I have made 2257 posts
    288 posts within 6 months
    Contact Me, Company profile
    JSamuel is on a distinguished road
    Blog Entries
    1
    -->
    DMZ - DeMilitarised Zone (sp..)
    In short - no defenses, pure exposure.
    Joel Samuel ACSA
    WebHostChat Admin

    Real Hosts Limited | Colocation | VP/Dedicated Servers | Monitoring | Backup | Virtual Hosting

    [e] j.samuel@real-hosts.co.uk | [p] 0845 890 5480 | [f] 0845 890 5481

    Planet Audio Group | MacUniverse - Apple MacBook(Pro) Mac Pro & XServe | Planet Audio | Planet Video
    [e] funkytown@planetaudiogroup.com | [p] 01753 42 2747 | [f] 01753 65 6683 | 0% Finance.

    I represent my own views and not those of my companies or the forum(s) on which I moderate.


  6. #6
    eHosting Limited
    no reviews yet. Post Review
    Certified Standard Host
    I have made 296 posts
    31 posts within 6 months
    Contact Me, Company profile
    PaulC is on a distinguished road
    Quote Originally Posted by Fresh-Networks
    So now i have slightly faster downloads
    The faster downloads will more than likely be related to the ports all being forwarded to the download machine by means of the DMZ. The best idea is to remove the DMZ and setup port forwarding for the associated ports to the internal IP of this machine.
    Paul Carter
    Technical Manager, eHosting Limited

  7. #7
    Ok, Thanks Paul . I just checked and it lets me do a range as my p2p programs vary port to port, some choose random of say: 6453-6568.

    Regards, Lee

  8. #8
    Joe
    Joe is offline
    Joe is on a distinguished road
    It's a silly name for 1:1 nat, and its quite possibly the silliest idea ever, either give the machine a routable ip or don't.
    Internet!

  9. #9
    Mooharr
    no reviews yet. Post Review
    Certified VIP Host
    I have made 2376 posts
    277 posts within 6 months
    Contact Me, Company profile
    JamesSykes is on a distinguished road
    It works well for me when i want to play xbox live on my 360
    Mooharr
    E-Mail Hosting Services

    These are not my views and i cannot be held accountable for anything he says.

  10. #10
    Certified VIP Host
    I have made 3937 posts
    313 posts within 6 months
    Contact Me, Company profile
    markcastle is on a distinguished road
    If you are going to implement Demilitarized Zones then you really ought to understand what they are
    http://searchwebservices.techtarget....213891,00.html

    If your firewall is soooo poor that you can't get good speeds through it, i'd suggest that you need to invest in a better firewall rather than rather than make your systems less secure. Consider it similar to putting your TV outside on your driveway... you might pick up a slightly better picture outside but someone is going to steal it sooner or later.
    ••• Mark Castle ••• Secura Hosting Ltd •••
    ••• Managed Hosting •••
    ••• AS29452UK Company Reg No: 04330657VAT Number: 789 2703 81Sales: 0845 123 2632 •••
    My views are my own and not those of my company.

  11. #11
    Certified VIP Host
    I have made 2194 posts
    143 posts within 6 months
    Contact Me, Company profile
    SynergyWorks is on a distinguished road
    Quote Originally Posted by markcastle
    Consider it similar to putting your TV outside on your driveway... you might pick up a slightly better picture outside but someone is going to steal it sooner or later.
    Can we not just put the aerial outside and leave the TV indoors?


    ... anyway, back on topic.
    A DMZ although better if you can live without it, isn't a problem with a windows machine fully patched with a basic firewall. At the office we have an ADSL line with 5 public IPs assigned directly to windows machines running nothing but Windows XP SP2 with the latest patches and windows firewall - never been hacked. *touch wood*


    Just my two pence....
    Robert Bentley

    SynergyWorks Internet - SynergyWorks.co.uk - AS41659
    Dedicated Servers - Virtual Servers - Kent Science Park Colocation & Rackspace - IP Transit
    T: +44 (0)1622 808 420 / F: +44 (0)1622 808 422 / E: r.bentley [at] synergyworks.co.uk

    VAT #: GB 913 4306 53

  12. #12
    Certified VIP Host
    I have made 2417 posts
    139 posts within 6 months
    Contact Me, Company profile
    Cyberprog is on a distinguished road
    I use my routers with what I call and DMZ, except the routers are setup with public addresses on the DMZ, but filter what IP traffic actually gets through to them. Then the LAN side is private only (other than specified NAT translations) and the WAN is the connection to the ADSL network or upstream. Found that works best for us as the firewall centralises everything and you can throw a machine up publicly easily while it being secured by the firewall.
    Alex Threlfall
    Cyberprog New Media
    www.cyberprog.net
    Of course my bull-bar is safe, it sits so high the old people and the children go underneath.

  13. #13
    Certified VIP Host
    I have made 3937 posts
    313 posts within 6 months
    Contact Me, Company profile
    markcastle is on a distinguished road
    Quote Originally Posted by SynergyWorks
    At the office we have an ADSL line with 5 public IPs assigned directly to windows machines running nothing but Windows XP SP2 with the latest patches and windows firewall - never been hacked. *touch wood*
    This is the sort of mentality that i just can't understand though.. it's not like a reasonable hardware firewall will break the bank, strewth you could even use an old PIII 500MHz running ipcop or m0n0wall if you are really skint, then use the software firewalls as last line of defence.

    I also can't understand why on earth a hosting company would want to highlight their wide open security policy on a public forum; you must be mad. I hope you don't have any customer data / personal information or passwords on those machines. You'd likely be in breach of the data protection laws if nothing else.
    ••• Mark Castle ••• Secura Hosting Ltd •••
    ••• Managed Hosting •••
    ••• AS29452UK Company Reg No: 04330657VAT Number: 789 2703 81Sales: 0845 123 2632 •••
    My views are my own and not those of my company.

  14. #14
    Certified VIP Host
    I have made 2194 posts
    143 posts within 6 months
    Contact Me, Company profile
    SynergyWorks is on a distinguished road
    Quote Originally Posted by markcastle
    This is the sort of mentality that i just can't understand though.. it's not like a reasonable hardware firewall will break the bank, strewth you could even use an old PIII 500MHz running ipcop or m0n0wall if you are really skint, then use the software firewalls as last line of defence.

    I also can't understand why on earth a hosting company would want to highlight their wide open security policy on a public forum; you must be mad. I hope you don't have any customer data / personal information or passwords on those machines. You'd likely be in breach of the data protection laws if nothing else.
    No customer data, and i'd be interested to hear of any known security flaws in the windows firewall & windows file sharing.
    Robert Bentley

    SynergyWorks Internet - SynergyWorks.co.uk - AS41659
    Dedicated Servers - Virtual Servers - Kent Science Park Colocation & Rackspace - IP Transit
    T: +44 (0)1622 808 420 / F: +44 (0)1622 808 422 / E: r.bentley [at] synergyworks.co.uk

    VAT #: GB 913 4306 53

  15. #15
    Wow, I don't use NAT, but I've got a FireBrick hardware firewall sat between the internet and everything else. I wouldn't dream of allowing Windows PC's on the network with a public IP without it.

    The Windows firewall is one of the most useless bits of junk I've ever seen, too - it's so easy to bypass it's laughable. Perhaps if you used a firewall not built in to the OS, it'd be slightly more secure...
    [SIZE="1"][b]Regards, Oliver Margetts - Managing Director, (url-removed: need 20 posts)

+ Reply to Thread
Page 1 of 2
1 2 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Similar Threads

  1. Replies: 1
    Last Post: 10th March 2006, 02:20 PM
  2. Your computer?
    By Solvaut in forum General Chit Chat & Discussion
    Replies: 49
    Last Post: 20th July 2005, 06:31 PM
  3. YOUR COMPUTER IS AT RISK!!!
    By Andrew in forum General Chit Chat & Discussion
    Replies: 1
    Last Post: 11th September 2002, 12:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Content Relevant URLs by vBSEO 3.5.0 RC2