On most occasions, we do not need to do anything special to carry out our daily tasks on the Internet. A clear example is the web browsing we do with our browsers on different operating systems and computers. However, some P2P programs, web or FTP servers we want to set up, and some video game consoles require specific ports to be opened. If we do not open them, we may experience a significant drop in performance, as with P2P programs, or they may not work at all. We can then choose between two clearly different strategies: open only the ports we need, or use DMZ. In this article we are going to see the advantages and disadvantages of opening ports using DMZ.
Perhaps at some point you have had to enter the router configuration to change the Wi-Fi password or perform another task, and in one of its sections you have seen DMZ written. There we find a way to open ports using DMZ, which has its peculiarities and also its dangers. First we will see what it is, and then its advantages and disadvantages.
What is DMZ and what is it used for
DMZ stands for demilitarized zone, from the English acronym DeMilitarized Zone. The purpose of a DMZ is that connections from the internal network to the outside of the DMZ are allowed, while connections from the DMZ to the internal network are normally not allowed. The DMZ is generally used to host servers that need to be accessible from the outside, such as e-mail, web and DNS servers. In the business environment, this is done by creating a secure access area for certain computers that is separated from the rest.
However, ports can also be opened using DMZ on local networks. Normally we do this by specifying the IP address of a computer on the local area network, for which the router opens all the ports. The only ports it does not open are those that are set in the NAT table rules. Although the most common approach is to use a local IP, it can sometimes also be done using the MAC address. An example is the Orange Livebox routers, which allow you to set up DMZ using the MAC.
As for what it can be used for, it avoids problems when running programs for which we do not know exactly which ports need to be opened for them to work correctly. It also helps to access certain services from outside.
Advantages and disadvantages of opening ports using DMZ
On some occasions we may have to use a program that requires several ports, and we are not clear about which ports specifically it needs to work well. A good solution in this case may be to open ports using DMZ to the local IP of the computer where we have this program installed. Once this is done, unless the software firewall of that computer is interfering, the program normally works the first time.
However, that is not to say that opening ports using DMZ has no drawbacks. As we have already mentioned, we are opening practically all the ports to that specific local computer. This gives cybercriminals more attack possibilities, since they can look for weak points by performing a port scan. Therefore, if we are going to open ports using DMZ, those ports have to be correctly protected by the software firewall on that computer. A good example would be a NAS server that is accessible from the outside but well protected with its corresponding firewall.
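The following added example (not part of the original article) models the behaviour described above: ports set in the NAT table keep their own rules, every other port goes to the DMZ host, and a host firewall limits what is actually reachable. The `Router` class, the `exposed_services` function and the sample addresses, ports and services are hypothetical and simplified; real routers differ in detail.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Router:
    port_forwards: dict = field(default_factory=dict)  # NAT rules: WAN port -> (LAN IP, LAN port)
    dmz_host: Optional[str] = None                     # LAN IP that receives every other port

    def route_inbound(self, wan_port):
        """Where an unsolicited inbound connection lands, or None if it is dropped."""
        if wan_port in self.port_forwards:   # ports set in the NAT table are the exception
            return self.port_forwards[wan_port]
        if self.dmz_host is not None:        # every remaining port goes to the DMZ host
            return (self.dmz_host, wan_port)
        return None

def exposed_services(router, listening, host_firewall=None):
    """Return [(wan_port, lan_ip, lan_port, service)] reachable from the Internet.

    listening:     {lan_ip: {port: service}} of services actually running
    host_firewall: {lan_ip: set of inbound ports allowed}; a host not listed has no firewall
    """
    host_firewall = host_firewall or {}
    exposed = []
    for wan_port in range(1, 65536):
        target = router.route_inbound(wan_port)
        if target is None:
            continue
        ip, port = target
        service = listening.get(ip, {}).get(port)
        allowed = host_firewall.get(ip)
        if service and (allowed is None or port in allowed):
            exposed.append((wan_port, ip, port, service))
    return exposed

# Constructed sample network (addresses, ports and services are made up for the example)
NAS, CAMERA = "192.168.1.50", "192.168.1.60"
LISTENING = {NAS: {22: "ssh", 80: "admin panel", 445: "smb", 5000: "file app"},
             CAMERA: {80: "camera web ui"}}
ONLY_NEEDED = Router(port_forwards={5000: (NAS, 5000)})
DMZ = Router(port_forwards={8080: (CAMERA, 80)}, dmz_host=NAS)

if __name__ == "__main__":
    for name, router, fw in [("only needed port", ONLY_NEEDED, None),
                             ("DMZ, no host firewall", DMZ, None),
                             ("DMZ + host firewall", DMZ, {NAS: {5000}})]:
        print(name, "->", [(w, s) for w, _, _, s in exposed_services(router, LISTENING, fw)])
```

With the DMZ enabled and no host firewall, every service listening on the NAS becomes reachable, not only the one we meant to publish; the host firewall brings the exposure back to the intended port.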
At RedesZone, as a general rule, we recommend opening only the ports that we need. That way we will be more secure and everything can still work well. As for opening ports using DMZ, we should reserve it for very specific cases where there is no other choice, and at least provide adequate security with a firewall. Finally, you may be interested in knowing how to configure the DMZ on your router.