Security Encyclopedia

Demilitarized Zone (DMZ)

In information technology a Demilitarized Zone, or DMZ for a short, is a section of a network that serves as a neutral territory so as to protect the intranet from outside threats. It is a system that gives an interface to an untrusted outer system – as a rule, the Web – while keeping the inside, private system – generally the corporate network – isolated and secluded from the outside system.

A DMZ differs from a firewall in that a firewall is a network security system (e.g. device or software) that monitors and restricts incoming and outgoing network traffic based on defined risk.

A definitive objective of a DMZ is to enable access to assets from untrusted systems while keeping the private system verified. Assets usually put in the DMZ comprise Mail servers, FTP servers, and VoIP servers.

Example:

“Prior to deploying the new software to our production infrastructure, we ran extensive tests in our staging environments and Demilitarized Zone to ensure stability.”