Behind the DMZ

Even if you’ve put together a solid network and set it up properly, you can still run into problems. Sometimes a complex, network-based application such as a multiplayer game just doesn’t work. You set up your router’s port forwarding feature to no avail. You need a DMZ.

A DMZ — named for the demilitarized zone between South and North Korea — is a separate network that bypasses your router. When you assign a system such as a PC to the DMZ, you remove all functions that usually monitor the traffic flowing in and out of that system.

Assuming your network is connected to the Internet, assigning a system to the DMZ is dangerous because instead of opening specific ports or a range of ports, you’re opening everything to the digital free-for-all. You’re potentially opening the floodgates that — up until that point — your router is designed to keep closed. And because the DMZ is associated with your LAN, a successful break-in could expose the rest of your network.

Therefore, the first rule of the DMZ is to exercise caution. This is an advanced feature; don’t use it if you aren’t familiar with the risks and precautions. Be sure to protect systems connected through this feature with some internal form of security, such as a software firewall. Please — puh-lease — don’t use your router’s DMZ as your default method for getting finicky network applications to work. It’s strictly a last-resort method for solving a particular connection problem. Be prepared before you enter the DMZ.
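
One way to be prepared is to check what the system is actually listening on before you assign it to the DMZ, since every one of those services becomes reachable from the Internet. The script below is an added example, not part of the original article. It assumes a Linux system and the output format of `ss -H -tuln`; the sample output and the game port 27015 are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
SAMPLE_SS = """\
udp   UNCONN 0 0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0 0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0 4096   127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0 50     192.168.1.50:445   0.0.0.0:*
tcp   LISTEN 0 511    [::]:27015         [::]:*
tcp   LISTEN 0 128    [::1]:6010         [::]:*
"""


def exposed_listeners(ss_output, allowed=frozenset()):
    """Return sorted (proto, port) pairs bound to a non-loopback address.

    Pairs listed in `allowed` (the ports the application really needs)
    are left out, so what remains is what a software firewall should block.
    """
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not check
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        if addr == "*":
            addr = "0.0.0.0"  # ss may print a wildcard bind as '*'
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an address we can parse
        if ip.is_loopback or not port.isdigit():
            continue  # loopback-only services are not reachable from outside
        if (fields[0], int(port)) not in allowed:
            found.add((fields[0], int(port)))
    return sorted(found)


if __name__ == "__main__":
    # Hypothetical case: the game needs only TCP 27015.
    for proto, port in exposed_listeners(SAMPLE_SS, allowed={("tcp", 27015)}):
        print(f"{proto}/{port} would be exposed: close it or block it in the host firewall")
```

On a real system, pass the text returned by `ss -H -tuln` in place of the sample.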

This story, "Behind the DMZ," was originally published by BrandPost.
