Demilitarized Zone (DMZ)
A demilitarized zone (DMZ) is a separate network segment, isolated from the rest of the network by firewalls (commonly two firewalls in series, or a single firewall with a dedicated DMZ interface), in which an organization places the hosts that must be reachable from the internet.
- in other words, it is a perimeter network designed to be securely separated from an organization’s private internal network
- allows untrusted users outside the organization’s LAN (intranet) to reach specific services located within the DMZ, and nothing beyond it
- e.g., public websites, an FTP server for file downloads, a public email service
- it is a method of network segmentation
How it works
Example

- The internet-facing (outer) firewall allows inbound traffic only to the specific services published in the DMZ, e.g. TCP 80/443 to a web server sitting in the DMZ; anything not explicitly allowed is dropped
- the internal (inner) firewall does not allow connections from the internet, or from the DMZ hosts themselves, through to the internal servers; it too drops anything not explicitly allowed
The DMZ thus creates a zone in which public-facing servers can be reached from the outside, while giving those servers a measure of protection and keeping traffic from them out of the more sensitive portions of your network.
Benefits:
Limits the damage when attackers compromise one of your public-facing servers: because the inner firewall blocks connections from the DMZ into the internal network, the compromised host cannot be used as a pivot to attack the servers behind it.
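The two-firewall design described under "How it works" and the pivot-blocking benefit above, as an added example that is not part of the original notes: a small Python model of the outer and inner firewalls with first-match rules and an implicit default deny, evaluated against constructed connections. The address plan (192.0.2.0/24 for the DMZ, 10.10.0.0/16 for the internal LAN, everything else treated as the internet), the rule sets and the scenarios are all assumptions made for the illustration, not a real deployment.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address plan for the example (documentation / RFC 1918 ranges,
# not a real deployment): the DMZ and the internal LAN are separate subnets;
# anything else is treated as the internet.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    if addr in DMZ_NET:
        return "dmz"
    if addr in INTERNAL_NET:
        return "internal"
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str          # "any" matches every zone
    dst_zone: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port
    action: str            # "accept" or "drop"

    def matches(self, src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
        return (self.src_zone in ("any", src_zone)
                and self.dst_zone in ("any", dst_zone)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


def evaluate(ruleset: List[Rule], src_zone: str, dst_zone: str, proto: str, dport: int) -> str:
    """First-match evaluation with an implicit default deny at the end."""
    for rule in ruleset:
        if rule.matches(src_zone, dst_zone, proto, dport):
            return rule.action
    return "drop"


# Outer (internet-facing) firewall: sits between the internet and the DMZ.
# Only the published DMZ services are reachable from outside.
OUTER: List[Rule] = [
    Rule("any", "dmz", "tcp", 80, "accept"),              # public web server
    Rule("any", "dmz", "tcp", 443, "accept"),
    Rule("any", "dmz", "tcp", 25, "accept"),              # public mail service (SMTP)
    Rule("internal", "internet", "any", None, "accept"),  # outbound traffic from the LAN
]

# Inner firewall: sits between the DMZ and the internal network. Nothing here
# permits dmz -> internal or internet -> internal, so those connections hit the
# default deny: a compromised DMZ host gets no path inward.
INNER: List[Rule] = [
    Rule("internal", "any", "any", None, "accept"),       # LAN users/admins may reach the DMZ and beyond
]

# Zones from the internet inward; FIREWALLS[k] sits between LAYOUT[k] and LAYOUT[k+1].
LAYOUT = ["internet", "dmz", "internal"]
FIREWALLS = [("outer", OUTER), ("inner", INNER)]


def firewalls_on_path(src_zone: str, dst_zone: str):
    """Firewalls a new connection crosses, in traversal order."""
    i, j = LAYOUT.index(src_zone), LAYOUT.index(dst_zone)
    if i <= j:
        return FIREWALLS[i:j]
    return list(reversed(FIREWALLS[j:i]))


def connection_allowed(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[bool, Optional[str]]:
    """Return (allowed, name of the firewall that dropped the connection, or None)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for name, ruleset in firewalls_on_path(src_zone, dst_zone):
        if evaluate(ruleset, src_zone, dst_zone, proto, dport) != "accept":
            return False, name
    return True, None


if __name__ == "__main__":
    # Constructed scenario: an attacker on the internet reaches the DMZ web server,
    # takes it over, and then tries to pivot to an internal file server on TCP 445.
    print("internet -> DMZ web 443:", connection_allowed("203.0.113.7", "192.0.2.10", "tcp", 443))
    print("internet -> internal 445:", connection_allowed("203.0.113.7", "10.10.5.20", "tcp", 445))
    print("pivot DMZ -> internal 445:", connection_allowed("192.0.2.10", "10.10.5.20", "tcp", 445))
```

The point the model makes explicit is that the pivot attempt is stopped by the inner firewall even though the outer firewall never sees it: each hop is evaluated by the firewall it actually crosses, and both default to drop. Adding any `dmz -> internal` accept rule to `INNER` (for example for a web server to reach a database) is exactly the exception that must be scoped to a single host and port, because it is the one path a compromised DMZ host could use.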