Stands for "Demilitarized Zone." In computing, a DMZ is a section of a network that exists between the intranet and a public network, such as the Internet. It may contain a single host or multiple computer systems.
The purpose of a DMZ is to protect an intranet from external access. By separating the intranet from hosts that can be accessed from outside a local area network (LAN), internal systems are protected from unauthorized access from outside the network. For example, a business may have an intranet composed of employee workstations. The company's public servers, such as the web server and mail server, could be placed in a DMZ so they are separate from the workstations. If the servers were compromised by an external attack, the internal systems would be unaffected.
A DMZ can be configured in several different ways, but two of the most common are the single-firewall and dual-firewall architectures. In a single-firewall setup, the intranet and DMZ are on separate networks but share the same firewall, which monitors and filters traffic from the ISP. In a dual-firewall setup, one firewall is placed between the intranet and the DMZ and another firewall is placed between the DMZ and the Internet connection. This setup is more secure since it provides two layers of defense against external attacks.
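One way the single-firewall setup described above could be expressed as a forwarding policy, shown as an added example in nftables syntax (not part of the original entry). The interface names wan0, dmz0 and lan0 and the 192.0.2.x server addresses are assumptions made for illustration.

```nftables
# Added example: single-firewall ("three-legged") DMZ forwarding policy.
# Assumed interfaces: wan0 = ISP link, dmz0 = DMZ network, lan0 = intranet.
# Assumed hosts (documentation range): 192.0.2.10 = web server,
#                                      192.0.2.25 = mail server.

table inet dmz_policy {
    chain forward {
        # Anything not explicitly allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Reply packets for connections an earlier rule already allowed.
        ct state invalid drop
        ct state established,related accept

        # Internet -> DMZ: only the published services on the public servers.
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 80, 443 } accept
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.25 tcp dport 25 accept

        # Intranet -> DMZ and intranet -> Internet: workstations may initiate.
        iifname "lan0" oifname { "dmz0", "wan0" } accept

        # Nothing may open a new connection into the intranet, whether it
        # comes from the Internet or from a DMZ server. Count and log the
        # attempts: a DMZ server trying to reach a workstation is a strong
        # sign that the server has been compromised.
        oifname "lan0" counter log prefix "to-intranet-denied: " drop

        # DMZ -> Internet: left to the default drop in this example; add
        # explicit rules for anything the servers need to initiate.
    }
}
```

In the dual-firewall setup the same rules are split across two devices: the outer firewall carries the Internet-to-DMZ rules and the inner firewall carries the intranet rules.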
NOTE: The term "DMZ" or "Demilitarized Zone" comes from a military term used to describe a neutral area where military operations are not allowed to take place. These areas typically exist along the border between two different countries. They serve as a buffer and are designed to prevent unnecessary escalations of military action. Similarly, a DMZ is a neutral area within a computer network that can be accessed by both internal and external computer systems.