Comment by avar
12 years ago
Using "DMZ" in this context is very confusing, in common usage it means the exact opposite of what you intended.
A lot of home routers have a "DMZ" feature that gives the device you put in the DMZ full access to the outside internet, but restricts their access to other hosts on the local network.
It's typically used for gaming machines when you can't be bothered to forward a lot of ports individually, I have a gaming console in a "DMZ" on my network so I can play games online without fuss.
This is what sdfjkl is intending I think. Have the TVs/Whatever on the other side so they can't scan your network shares to get the information to send back the HQ.
I would be much more effective, straightforward and ultimately more useful though, to firewall the TVs from the internet outbound so they can collect data all they like and never send it home.
Both actually. They might need access to your internal network to access your file shares and whatnot, but you'll want to make sure they can access only the parts you want them to, and nothing else, so they can't for example log onto your unsecured printer and collect a list of most recent print jobs, including filenames.
And they might need to access the internet to download firmware updates and stream video, but you don't want them to "LG phone home" and report your midget porn viewing habits, so you'll block that.
Of course all that requires quite a bit of knowledge, time and equipment to set up and is therefore quite unrealistic, so you're better off just hooking up your laptop via HDMI and putting the damn TV into monitor mode, "smart" be damned.