Behind the DMZ

Even if you’ve put together a solid network and set it up properly, you can still run into problems. Sometimes a complex, network-based application such as a multiplayer game just doesn’t work. You set up your router’s port forwarding feature to no avail. You need a DMZ.

A DMZ — named for the demilitarized zone between South and North Korea — is a separate network that bypasses your router. When you assign a system such as a PC to the DMZ, you remove all functions that usually monitor the traffic flowing in and out of that system.

Assuming your network is connected to the Internet, assigning a system to the DMZ is dangerous because instead of opening specific ports or a range of ports, you’re opening everything to the digital free-for-all. You’re potentially opening the floodgates that — up until that point — your router is designed to keep closed. And because the DMZ is associated with your LAN, a successful break-in could expose the rest of your network.

Therefore, the first rule of the DMZ is to exercise caution. This is an advanced feature; don’t use it if you aren’t familiar with the risks and precautions. Be sure to protect systems connected through this feature with some internal form of security, such as a software firewall. Please — puh-lease — don’t use your router’s DMZ as your default method for getting finicky network applications to work. It’s strictly a last-resort method for solving a particular connection problem. Be prepared before you enter the DMZ.
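One way to be prepared is to check what the system would expose before you assign it to the DMZ. The following is an added example, not part of the original article: it assumes a Linux system, reads the output of `ss -H -tuln`, and lists every listening port other than the ones your application needs. The sample output and the game port (UDP 27015) are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output; not taken from a real system.
SAMPLE_SS = """\
udp   UNCONN 0 0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0 0      0.0.0.0:27015      0.0.0.0:*
tcp   LISTEN 0 128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0 50     192.168.1.20:445   0.0.0.0:*
tcp   LISTEN 0 128    [::1]:631          [::]:*
tcp   LISTEN 0 128    [::]:22            [::]:*
tcp   LISTEN 0 511    *:8080             *:*
"""

# Assumption: the only port the finicky application actually needs.
NEEDED = {("udp", 27015)}


def exposed_listeners(ss_output):
    """Return {(proto, port)} for sockets listening on a non-loopback address."""
    exposed = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip headers, blank lines and other socket types
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue  # loopback-only services are not reachable from outside
        exposed.add((fields[0], int(port)))
    return exposed


def unexpected_listeners(ss_output, needed):
    """Listeners the DMZ would expose that the application does not need."""
    return sorted(exposed_listeners(ss_output) - set(needed))


if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_SS, NEEDED):
        print(f"close or firewall before using the DMZ: {proto}/{port}")
```

Anything this reports is a service that port forwarding would have kept hidden; stop it or block it in the software firewall first.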
