A Demilitarised Zone (DMZ) is an information security concept that refers to a physical or logical subnetwork that acts as an intermediate zone between an organisation’s internal network and the Internet.
Key characteristics:
- Security isolation: It separates publicly accessible services (such as web, email or file servers) from the private internal network.
- Dual firewall: It is normally protected by two firewalls: one between the Internet and the DMZ, and another between the DMZ and the internal network.
- Risk minimisation: If a server in the DMZ is compromised, the attacker does not have direct access to the internal network.