While large enterprise networks have no shortage of options for safely interacting with the outside world, smaller companies sometimes have to be a little more creative. Fortunately, with a little planning, it?s not all that hard for even the smallest companies to run their own public-facing servers from their own computers?and their own offices?without making the entire network vulnerable.
Even the most run-of-the-mill home routers now include support for a DMZ. Short for, you guessed it, demilitarized zone, a DMZ lets you set one or more computers outside the protection of the router?s firewall so it can have unfettered access to Net. This feature is commonly available on all sorts of routers from D-Link, Netgear, Linksys, and others, and takes only a moment to configure.
The hardest part of setting up a DMZ is deciding whether this is really the best option for you in the first place. Some reasons to do this might include running your own Web servers, your own FTP servers, or getting around firewall restrictions that interfere with some communications programs. Typically, a DMZ only makes good sense if you need to allow several applications to function outside the firewall and it?s not practical to rely on simple port forwarding. But you should be aware that, by setting a computer outside the router?s firewall, you expose it to additional threats that can quickly bring an unprotected computer to its knees and expose its data to interlopers. For this reason, if you do decide to set up a DMZ, it?s vitally important to run a software firewall on each of the PCs in the DMZ and keep them vigilantly updated.
On most home routers, setting up a DMZ is as easy as opening up the router?s admin interface in a web browser and selecting which of the connected computers you?d like to place outside the router and assigning an IP address to the DMZ host.
The benefit of a DMZ is that it isolates public-facing machines outside your network, preventing threats that may affect those machines from reaching the rest of your PCs. For this reason, it?s important to carefully monitor the systems on your DMZ for viruses and other malware regularly, and diligently back up those systems.
The specific configuration steps for a DMZ vary greatly from router to router. So be sure to check the company's website for detailed information and advice before altering the DMZ settings in your router.
