Is DMZ safe???

[iwas]

Hey guys i enabled DMZ on my pc since i had strict NAT. is it safe to keep it like this if not how can i keep it safe.

 

[bill001g]

Generally in a home environment it is the same as if you put your PC directly on the internet with no router. As long as you have the firewall settings in the PC correct it is fairly safe. Unfortunately just like DMZ mode most people are just using the generic settings in their firewall also. They just set it to internet,lan,office etc without actually knowing what those do.

When you use a NAT router you are in effect using the main feature of a firewall that prevents data from unknown sources initiating traffic to you without your permission. When you use DMZ you pretty much have turned off that "firewall" and need to replace as much of it as possible.

If your router has packet filter ability you should be able to go in and put additional rules in that only allows traffic say from certain ip addresses to have access on certain ports and block all the rest. This can also be done on the PC firewall but a PC is has more chance of a bug in the software since it is more complex so you are better off doing firewall filters on a router.

The main reason a DMZ is not safe is people are lazy. The NAT protects them without them knowing anything. Once you turn that off you must learn how networks really work...ie what are ports numbers what are ip addresses etc etc. Most people just scream....i wanna play my game... and pretend there are no bad people on the internet.

 

[sg4rb0]

lol how did you enable DMZ? as far as im concerned a DMZ stands for Demilitarized Zone, which is the terminology to describe an area usually between two firewalls that separate your LAN and WAN.

 

[bill001g]

lol how did you enable DMZ? as far as im concerned a DMZ stands for Demilitarized Zone, which is the terminology to describe an area usually between two firewalls that separate your LAN and WAN.

It would be nice if it actually worked that way and is the fairly industry standard definition. Unfortunately we have a bunch of marketing guys designing consumer routers so DMZ on a consumer router sounds cool but pretty much means send any traffic you can not figure out where else to send just send to a particular IP. On top of this few consumer routers can even filter traffic between devices on the lan so you can't make a ture DMZ even if you want to.

 

[pjo71099]

Generally in a home environment it is the same as if you put your PC directly on the internet with no router. As long as you have the firewall settings in the PC correct it is fairly safe. Unfortunately just like DMZ mode most people are just using the generic settings in their firewall also. They just set it to internet,lan,office etc without actually knowing what those do.

When you use a NAT router you are in effect using the main feature of a firewall that prevents data from unknown sources initiating traffic to you without your permission. When you use DMZ you pretty much have turned off that "firewall" and need to replace as much of it as possible.

If your router has packet filter ability you should be able to go in and put additional rules in that only allows traffic say from certain ip addresses to have access on certain ports and block all the rest. This can also be done on the PC firewall but a PC is has more chance of a bug in the software since it is more complex so you are better off doing firewall filters on a router.

The main reason a DMZ is not safe is people are lazy. The NAT protects them without them knowing anything. Once you turn that off you must learn how networks really work...ie what are ports numbers what are ip addresses etc etc. Most people just scream....i wanna play my game... and pretend there are no bad people on the internet.

I'm having a very similar issue in that my port forwarding is isn't working for assassin's creed unity and with no one knowing what's wrong, DMZ is my only solution. Just wondering what your recommendation for the best security set-up and settings is for using DMZ mode? Currently use AVG free and ZoneAlarm free on default settings. I'm not using DMZ yet, still looking for advice.

 

[pjo71099]

Generally in a home environment it is the same as if you put your PC directly on the internet with no router. As long as you have the firewall settings in the PC correct it is fairly safe. Unfortunately just like DMZ mode most people are just using the generic settings in their firewall also. They just set it to internet,lan,office etc without actually knowing what those do.

When you use a NAT router you are in effect using the main feature of a firewall that prevents data from unknown sources initiating traffic to you without your permission. When you use DMZ you pretty much have turned off that "firewall" and need to replace as much of it as possible.

If your router has packet filter ability you should be able to go in and put additional rules in that only allows traffic say from certain ip addresses to have access on certain ports and block all the rest. This can also be done on the PC firewall but a PC is has more chance of a bug in the software since it is more complex so you are better off doing firewall filters on a router.

The main reason a DMZ is not safe is people are lazy. The NAT protects them without them knowing anything. Once you turn that off you must learn how networks really work...ie what are ports numbers what are ip addresses etc etc. Most people just scream....i wanna play my game... and pretend there are no bad people on the internet.

I'm having a very similar issue in that my port forwarding is isn't working for assassin's creed unity and with no one knowing what's wrong, DMZ is my only solution. Just wondering what your recommendation for the best security set-up and settings is for using DMZ mode? Currently use AVG free and ZoneAlarm free on default settings. I'm not using DMZ yet, still looking for advice.

 

[CROcodile20]

Generally in a home environment it is the same as if you put your PC directly on the internet with no router. As long as you have the firewall settings in the PC correct it is fairly safe. Unfortunately just like DMZ mode most people are just using the generic settings in their firewall also. They just set it to internet,lan,office etc without actually knowing what those do.

When you use a NAT router you are in effect using the main feature of a firewall that prevents data from unknown sources initiating traffic to you without your permission. When you use DMZ you pretty much have turned off that "firewall" and need to replace as much of it as possible.

If your router has packet filter ability you should be able to go in and put additional rules in that only allows traffic say from certain ip addresses to have access on certain ports and block all the rest. This can also be done on the PC firewall but a PC is has more chance of a bug in the software since it is more complex so you are better off doing firewall filters on a router.

The main reason a DMZ is not safe is people are lazy. The NAT protects them without them knowing anything. Once you turn that off you must learn how networks really work...ie what are ports numbers what are ip addresses etc etc. Most people just scream....i wanna play my game... and pretend there are no bad people on the internet.

I'm having a very similar issue in that my port forwarding is isn't working for assassin's creed unity and with no one knowing what's wrong, DMZ is my only solution. Just wondering what your recommendation for the best security set-up and settings is for using DMZ mode? Currently use AVG free and ZoneAlarm free on default settings. I'm not using DMZ yet, still looking for advice.

Somebody answer ? How to set up my Windows firewall to be most effective while having my PC in DMZ ?

 

[SinxarKnights]

How to set up my Windows firewall to be most effective while having my PC in DMZ ?

Make sure it is on. Not much you can do beyond that. The problem with DMZ is people tend to forget about it since it is a router thing. Worms are still a thing but AVG should catch it. But then again I've purposely infected a system and AVG didn't detect anything... so YMMV on that.

I recommend you find out why port forwarding isn't working instead of DMZ'ing your PC. If you have ZoneAlarm, that is prolly the reason. DMZ'ing won't help if ZoneAlarm blocks everything.

 

[CROcodile20]

How to set up my Windows firewall to be most effective while having my PC in DMZ ?

Make sure it is on. Not much you can do beyond that. The problem with DMZ is people tend to forget about it since it is a router thing. Worms are still a thing but AVG should catch it. But then again I've purposely infected a system and AVG didn't detect anything... so YMMV on that.

I recommend you find out why port forwarding isn't working instead of DMZ'ing your PC. If you have ZoneAlarm, that is prolly the reason. DMZ'ing won't help if ZoneAlarm blocks everything.

Porft forwarding works, but not for GTA Online (PC). The only thing I can do to get Nat type : Open in that game is to put my PC into DMZ. I have a TP link router, I dont know if the DMZ option is actually dmz or Exposed host.

 

[ssdrecovery]

Is there any option for UPnp (Universal plug and play), it should automatically manage ports on the fly. It's usually a good middle ground of safety and convenience for home users.

 

[NerdIT]

Having your PC on the DMZ is fine as long as you have a host (windows in this case) firewall installed/configured along with good anti-virus.