In the novel The Hunt for Komodo Cracker, Thomas Faraday thought himself safe from hackers behind a DMZ (Demilitarized Zone) that he implemented himself. Normally this defence strategy would certainly be hard to penetrate. Many network administrators use a DMZ to strengthen their network environment.
Here is a quick and simple definition of what a DMZ does according to Thomas Faraday. He explains his own DMZ this way: “The DMZ is well monitored with honeypots, fake web servers designed to attract hackers and if possible trace them to their source. It also had firewalls with a minimum amount of open ports to allow internet users access to the company’s web page which doubled as an email server. It blocked all access to the inside LAN network area where all the company employees had their workstations. This LAN area is where the main servers were located. It’s next to impossible for anyone without the proper access codes to breach the DMZ from the internet and end up in the LAN side undetected.”
If a DMZ is such a strong defence, could you implement one for home use? When you buy a home router it almost always comes with a DMZ option integrated. But don’t let this fool you. Almost all home routers featuring a DMZ will let you make a computer visible on the internet, but that computer still sits on the same network as everything else. If it gets compromised, the intruder will also have access to any other computers, tablets, or anything else connected to your home network. Ouch!
But don’t despair; you can make a secure DMZ for your home or small office for free if you have a second router available. They’re available for less than one hundred dollars if you need to buy one.
This is a diagram of a simple home DMZ
Here is how you do it.
Configure router 1 to use 192.168.1.x, where x is the last number of the router’s own IP address. This is the router directly connected to your ISP.
Connect your computer into one of the ports of router 1. This is the computer that will be accessed from the internet.
Now plug router 2 into one of the ports of router 1. Configure router 2 to use 192.168.2.x, where x is the last number of the router’s own IP address, as you did on router 1.
You can now connect all of your computers and other devices into router 2.
Not all routers are configured the same way, so you will need the user’s manual for instructions on how to assign an IP address. If you don’t have the user’s manual, you can most likely download it from the router manufacturer’s website.
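Before you type the addresses into the routers, you can sanity-check the plan. The script below is an added example, not part of the original post: it checks that the two routers use different subnets, that the internet-facing computer sits on router 1, and that everything else sits behind router 2. The /24 subnet size, the host addresses, and the idea that router 2 takes an outer address from router 1 are assumptions made for illustration.

```python
import ipaddress

def check_dmz_plan(plan):
    """Return a list of problems found in a two-router DMZ addressing plan."""
    problems = []
    r1 = ipaddress.ip_interface(plan["router1_lan"])    # router 1 address/mask
    r2 = ipaddress.ip_interface(plan["router2_lan"])    # router 2 address/mask
    r2_wan = ipaddress.ip_address(plan["router2_wan"])  # router 2 as seen by router 1

    # The routers must serve different subnets (192.168.1.x vs 192.168.2.x).
    if r1.network.overlaps(r2.network):
        problems.append(f"router subnets overlap: {r1.network} and {r2.network}")

    # Router 2 is just another client of router 1, so its outer address must
    # sit in router 1's subnet without reusing router 1's own address.
    if r2_wan not in r1.network:
        problems.append(f"router 2 outer address {r2_wan} is outside {r1.network}")
    if r2_wan == r1.ip:
        problems.append(f"router 2 outer address {r2_wan} collides with router 1")

    # The internet-facing computer belongs on router 1 only.
    for host in map(ipaddress.ip_address, plan["dmz_hosts"]):
        if host not in r1.network:
            problems.append(f"DMZ host {host} is not on router 1 ({r1.network})")
        if host in (r1.ip, r2_wan):
            problems.append(f"DMZ host {host} reuses a router address")

    # Everything else belongs behind router 2.
    for host in map(ipaddress.ip_address, plan["inside_hosts"]):
        if host not in r2.network:
            problems.append(f"inside host {host} is not behind router 2 ({r2.network})")
        elif host == r2.ip:
            problems.append(f"inside host {host} reuses router 2's address")
    return problems

# Constructed sample plans; the host addresses are illustrative assumptions.
GOOD_PLAN = {"router1_lan": "192.168.1.1/24", "router2_wan": "192.168.1.2",
             "router2_lan": "192.168.2.1/24", "dmz_hosts": ["192.168.1.10"],
             "inside_hosts": ["192.168.2.20", "192.168.2.21"]}
# Router 2 left on the same 192.168.1.x range as router 1.
BAD_PLAN = dict(GOOD_PLAN, router2_lan="192.168.1.1/24",
                inside_hosts=["192.168.1.30"])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_dmz_plan(plan) or "no problems found")
```

An empty list means the addressing matches the layout described above; it does not test the routers themselves.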
One last note: you will probably have Wi-Fi capability on both your routers. If so, make sure to secure it with a strong passphrase and use at the very least WPA or WPA2 for the DMZ and WPA2 for your home network. Also give each router a non-descriptive name to conceal that you have a DMZ.
That’s it. Now you have a simple yet effective home DMZ.
Soon I will blog about a free network intrusion detection system to protect yourself from hackers.
If you have any questions, please sign up to be part of my email list and write DMZ in the subject line.