DMZ (computing)

In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is protected behind a firewall.^[1] The DMZ functions as a small, isolated network positioned between the Internet and the private network.^[2]

This is not to be confused with a DMZ host, a feature present in some home routers which frequently differs greatly from an ordinary DMZ.

The name is from the term demilitarized zone, an area between states in which military operations are not permitted.

^ "Control System Security DMZ". Official website of The Cybersecurity and Infrastructure Security Agency (CISA) for the Dept. of Homeland Security, USA. Archived from the original on 2020-06-09. Retrieved 2020-06-09.
^ "What is a DMZ and How does it Work?". Techtarget SearchSecurity. Retrieved 2020-06-09.

[1] "Control System Security DMZ". Official website of The Cybersecurity and Infrastructure Security Agency (CISA) for the Dept. of Homeland Security, USA. Archived from the original on 2020-06-09. Retrieved 2020-06-09.

[2] "What is a DMZ and How does it Work?". Techtarget SearchSecurity. Retrieved 2020-06-09.

[1]

[2]