DMZ how safe?

Discussion in 'macOS' started by zalves, Feb 13, 2009.

  1. zalves macrumors member

    Joined:
    Dec 23, 2008
    Location:
    Portugal
    #1
    If I leave my mac set on DMZ on my router am I safe?

    I have that belkin router with the little (and crapy) lcd screen

    and I'm using little snitch
     
  2. antibact1 macrumors 6502

    Joined:
    Jun 1, 2006
    #2
    Is there a reason you are doing this? It's not that you are unsafe, but if a worm is uncovered for OS X you are going to be exposed immediately. Leaving a computer directly connected to the Internet without a firewall is not a great idea. If you are trying to access particular services on your computer, set up port forwarding in your router.
     
  3. SDAVE macrumors 68040

    SDAVE

    Joined:
    Jun 16, 2007
    Location:
    Nowhere
    #3
    Yeah just open the particular port you need and use port forwarding as mentioned. Don't use DMZ. DMZ is used on rare occasions. If you enable it, it kind of defeats the purpose of having a hardware firewall.

    Let's say you need ports 12,000 to 2,100

    Just open 000 to 100 and you'll be ok.

    I recommend opening one or two ports though, not that many.
     
  4. lostngone macrumors 65816

    lostngone

    Joined:
    Aug 11, 2003
    Location:
    Anchorage
    #4
    Yes you are safe, obviously the more layers for protection you have the better but if the Mac OS X firewall is on you really have very little to worry about.
     
  5. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #5
    In theory, yes, if your software firewall is properly configured.

    Still, why? There's not much point (IMHO) in exposing yourself to more risk than is necessary, and this seems like a pretty good example of doing just that.
     
  6. brand macrumors 601

    brand

    Joined:
    Oct 3, 2006
    Location:
    127.0.0.1
    #6
    Correction it should read...

    Just open 12,000 to 12,100 and you'll be ok.
     
  7. higgalls macrumors regular

    Joined:
    Mar 20, 2008
    #7
    DMZ is NOT safe at all.
    What DMZ does is when it is turned on, ALL data that is sent to the router is then forwarded on to that computer regardless of whether it is meant for it or not (the data does go to the computer it is meant to go to also). That computer that is the DMZ'd computer, then can use that data however it is set up to use it (so servers can be set up for this if you don't want to play with port-forwarding on the router).

    Now, yes you can use software firewalls then on the computer, but the problem is that a router uses NAT to address the computers within the local network. Now, NAT provides a huge security advantage as you cannot easily connect to a computer past the router from within the Internet (read how NAT works).
    With a DMZ, it means that someone can easily gain access to the DMZ'd computer as there is no need to worry about NAT as all traffic goes directly to that computer.

    So it is generally advisable NOT to put a computer in the DMZ. Always use port-forwards instead, as that way you choose which traffic goes where, rather than completely opening up the security on your router.

    Anyway, thats the basics of it. Yes it is a huge risk.
     

Share This Page