“DMZ” is a military term meaning “an area, usually the frontier or boundary between two or more military powers (or alliances), where military activity is not permitted, usually by peace treaty, armistice or other bilateral or multilateral agreement.” In computer networking and security, the term DMZ refers to a network zone that sits between the internal (trusted) network and the external (untrusted) network. The external or untrusted network is typically the Internet (or an extranet), and the internal or trusted network is the corporate intranet.
What is the purpose of a DMZ?
The main purpose of a DMZ is to separate hosts that need to be accessed from an external network from the internal network. This is useful for companies that need to offer information and services, such as Web, DNS, mail and FTP access, to external users. In this arrangement, hosts on the internal network can initiate communication with hosts on the DMZ network, and hosts on the external network can initiate communication with hosts on the DMZ network. However, in most cases hosts on the external network cannot initiate communication with hosts on the internal network, and hosts on the DMZ network cannot initiate communication with hosts on the internal network.
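The initiation rules above can be modelled as a small stateful zone filter. This is an added example, not code from the original page; the address ranges, names and sample flows are constructed assumptions, and connections are tracked by address pair rather than a full 5-tuple to keep the model short.

```python
import ipaddress

# Constructed address plan (assumption, not from the page).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}
# Zone pairs allowed to open a NEW connection, as the text describes.
# The text does not cover internal -> external, so it is not modelled here.
ALLOW_NEW = {("internal", "dmz"), ("external", "dmz")}

def zone_of(addr):
    """Map an address to its zone; anything not listed is external."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

class ZoneFirewall:
    """New connections follow ALLOW_NEW; return traffic follows tracked state."""

    def __init__(self):
        self.established = set()  # (initiator, responder) address pairs

    def check(self, src, dst):
        """Return 'accept' or 'drop' for a packet from src to dst."""
        # Traffic in either direction of a tracked connection is allowed,
        # which is why a DMZ host can answer an internal client.
        if (src, dst) in self.established or (dst, src) in self.established:
            return "accept"
        if (zone_of(src), zone_of(dst)) in ALLOW_NEW:
            self.established.add((src, dst))
            return "accept"
        return "drop"  # default deny for any other initiation

def evaluate(flows):
    """Run flows in order through one firewall and return the verdicts."""
    fw = ZoneFirewall()
    return [fw.check(src, dst) for src, dst in flows]

# Constructed sample flows (source, destination).
SAMPLE_FLOWS = [
    ("203.0.113.7", "192.168.100.10"),  # external opens to DMZ server
    ("192.168.100.10", "203.0.113.7"),  # DMZ server replies
    ("10.0.0.5", "192.168.100.10"),     # internal opens to DMZ server
    ("192.168.100.10", "10.0.0.5"),     # DMZ server replies to internal
    ("192.168.100.10", "10.0.0.9"),     # DMZ initiates to internal
    ("203.0.113.7", "10.0.0.5"),        # external initiates to internal
]
```

The fourth and fifth flows share the same direction (DMZ to internal) but get different verdicts: only the one that answers a connection opened from the internal side is accepted.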