[DMZ][Ports][NAT type] security question

Majed6

Honorable
Jul 6, 2013
6
0
10,510
Hi,
I have a PS4 and it's listed in the DMZ (using a static IP). My questions are:


1- Does it make any sense to open ports for the PS4?

2- Are there any security risks if I set the NAT type to NAT type 1, since it's a closed system?

BTW, I'm a computer science student.

I would enjoy reading a detailed explanation.

Thanks in advance
 
Put simply, it's working past any hardware firewall setup in the router.
Or any conditions set up, like flood protection, port sniffing or hacking.
It's completely open to attack in any form, from that to lag switching when in a game from another user.

You only use a DMZ if the client has its own firewall/conditions and configure.
Otherwise hell will rain.
 

Majed6



Thanks for the fast response. So it makes no sense to open ports for the PS4 because everything is open already. Does it mean that DMZ works just like having NAT type 1?
 
Pretty much when you use DMZ mode you are in effect placing that device directly on the internet. Although there is NAT involved, you lose the protection NAT gives through being stupid. Pretty much if a packet comes in for some port NAT does not know about, it just drops it. When you use DMZ mode you tell it to send anything it does not know about to a particular machine. You have in effect opened all ports to the DMZ device with a single command.

NAT is in effect performing a firewall function that prevents unknown traffic from entering your network. You can of course use an actual firewall rule to accomplish the exact same thing. The concept of a true DMZ created by a firewall is very different than what a home router calls a DMZ. It just depends if or where you have this ability. Normally you only see true firewalls in a larger business. Home users and small business users normally do not have the skill set to properly configure them. This is why DMZ is not a recommended option on home routers for people that do not actually understand the risks. It really is not a "DMZ" in the way that term is normally used; you risk your whole internal network if that one machine gets compromised.
 
Solution
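The inbound decision described in the answer above, as an added Python sketch that is not part of the original thread: it compares plain NAT, a single port forward, and the home-router "DMZ host" setting against the same unsolicited packets. The class, addresses and port numbers are constructed assumptions, and the model assumes the router matches replies on the remote endpoint, which real firmware may not do.

```python
from dataclasses import dataclass, field
from typing import Optional

CONSOLE = "192.168.1.50"            # constructed LAN address of the console
SCANNER = ("203.0.113.7", 51000)    # constructed remote host (documentation range)
PROBED_PORTS = [22, 80, 445, 3478, 9000]  # constructed sample of probed ports


@dataclass
class HomeRouter:
    """Toy model of a home NAT router's inbound decision, not vendor firmware."""
    port_forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> LAN IP
    dmz_host: Optional[str] = None                     # catch-all LAN IP, if set
    flows: dict = field(default_factory=dict)          # NAT table built by outbound traffic

    def outbound(self, proto, lan_ip, wan_port, remote):
        # A LAN host talking out creates the mapping that lets replies back in.
        self.flows[(proto, wan_port, remote)] = lan_ip

    def inbound(self, proto, wan_port, remote):
        # 1. Reply to a flow the LAN side started: NAT knows where it goes.
        if (proto, wan_port, remote) in self.flows:
            return "established", self.flows[(proto, wan_port, remote)]
        # 2. Explicit port forward: one port opened on purpose.
        if (proto, wan_port) in self.port_forwards:
            return "forward", self.port_forwards[(proto, wan_port)]
        # 3. DMZ host: everything NAT does not know about goes to one machine.
        if self.dmz_host is not None:
            return "dmz", self.dmz_host
        # 4. Plain NAT: no mapping, so the packet is dropped.
        return "drop", None


def unsolicited_reach(router, proto="udp"):
    """Ports from PROBED_PORTS on which an unsolicited packet reaches a LAN host."""
    return [p for p in PROBED_PORTS if router.inbound(proto, p, SCANNER)[0] != "drop"]


plain = HomeRouter()
forwarded = HomeRouter(port_forwards={("udp", 3478): CONSOLE})
dmz = HomeRouter(dmz_host=CONSOLE)

if __name__ == "__main__":
    for name, r in [("plain NAT", plain), ("one forward", forwarded), ("DMZ", dmz)]:
        print(f"{name:12} unsolicited ports reaching LAN: {unsolicited_reach(r)}")
```

With the DMZ host set, every probed port reaches the console, so any filtering has to happen on the console itself.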

Majed6


Thanks. One last thing... Is it possible that a device such as the PlayStation may get compromised? Since it does not allow the user to download anything, and until now no one was able to hack the system.