A DMZ (Demilitarized Zone) is a separate network segment used to host systems that must be accessible from the internet while keeping the internal network secure.
It is commonly used in server environments and network infrastructure to isolate public services.
---
1. Why Use a DMZ?
If you run services like a web server or mail server, they need to be reachable from the internet.
Without a DMZ:
- Public servers are placed directly on the internal network
- If one is compromised → the attacker is already inside and can reach internal systems
With a DMZ:
- Public services are isolated in their own segment
- Internal network stays protected; a compromised DMZ host still has to get through the firewall to reach it
2. How a DMZ Works
A DMZ sits between the internet and the internal network.
Typical structures:
- Internet → Firewall → DMZ → Firewall → Internal Network (two firewalls back to back; the DMZ is the segment between them)
- Internet → Router/Firewall → DMZ + LAN (one firewall with separate interfaces for the DMZ and the LAN; the two segments are separated only by its rules)
In both designs the rules that matter are the same: the internet may reach only the published ports of the DMZ hosts, DMZ hosts may not initiate connections into the internal network by default, and nothing from the internet reaches the internal network directly.
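The following is an added example, not part of the original article: a small Python model of the single-firewall ("three-legged") design above. It classifies a flow into a zone by address, walks a first-match rule list with a default drop (the way a forward chain with `policy drop` behaves), and shows what happens when a compromised DMZ web server tries to pivot into the LAN or call out to an attacker. Zone names, the 192.0.2.0/24 DMZ, the 10.0.0.0/8 LAN and every address in the scenarios are assumptions chosen from documentation ranges.

```python
"""Model of a three-legged DMZ firewall policy (added example, not from the
article). Addresses and zone layout are assumptions: DMZ = 192.0.2.0/24,
LAN = 10.0.0.0/8, anything else is treated as the internet ("wan")."""
import ipaddress
from dataclasses import dataclass

# Networks attached to the firewall's DMZ and LAN interfaces (assumed).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),  # public servers
    "lan": ipaddress.ip_network("10.0.0.0/8"),    # internal network
}


def zone_of(ip: str) -> str:
    """Map an address to a zone; anything not in DMZ or LAN is the internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str = "any"              # "tcp", "udp" or "any"
    dports: frozenset = frozenset()  # empty set means any destination port
    action: str = "drop"
    comment: str = ""


# First match wins; anything that matches nothing falls to the default drop.
POLICY = [
    Rule("wan", "dmz", "tcp", frozenset({80, 443}), "accept", "public web"),
    Rule("wan", "dmz", "tcp", frozenset({25}), "accept", "inbound mail"),
    Rule("wan", "dmz", "udp", frozenset({53}), "accept", "public DNS"),
    Rule("wan", "dmz", "tcp", frozenset({53}), "accept", "public DNS"),
    Rule("dmz", "lan", action="drop", comment="no pivot from DMZ into LAN"),
    Rule("dmz", "wan", "tcp", frozenset({80, 443}), "accept", "package updates"),
    Rule("lan", "dmz", "tcp", frozenset({22, 80, 443}), "accept", "admin access"),
    Rule("lan", "wan", action="accept", comment="outbound from inside"),
    Rule("wan", "lan", action="drop", comment="internet never reaches LAN"),
]


def decide(src_ip: str, dst_ip: str, proto: str, dport: int):
    """Return (action, reason) for a NEW connection; established/related
    return traffic is assumed to be accepted by connection tracking."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "accept", "same zone, not forwarded through the firewall"
    for r in POLICY:
        if r.src_zone != src or r.dst_zone != dst:
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dports and dport not in r.dports:
            continue
        return r.action, r.comment
    return "drop", "default policy"


def run_scenarios():
    """Constructed flows: a visitor, an admin, and a compromised web server."""
    web, db, admin = "192.0.2.10", "10.0.5.20", "10.0.1.7"
    visitor, attacker = "198.51.100.7", "203.0.113.5"
    return {
        "visitor -> web:443": decide(visitor, web, "tcp", 443),
        "visitor -> web:22": decide(visitor, web, "tcp", 22),
        "visitor -> db:5432": decide(visitor, db, "tcp", 5432),
        "admin -> web:22": decide(admin, web, "tcp", 22),
        "web -> db:5432 (pivot)": decide(web, db, "tcp", 5432),
        "web -> attacker:443 (update port)": decide(web, attacker, "tcp", 443),
        "web -> attacker:4444 (reverse shell)": decide(web, attacker, "tcp", 4444),
    }


if __name__ == "__main__":
    for flow, (action, why) in run_scenarios().items():
        print(f"{action:6} {flow:40} {why}")
```

Two things the scenarios make visible. The pivot from the web server to the internal database is dropped by an explicit rule rather than by the default, so it can be logged and alerted on separately; if that server genuinely needs a backend, add a rule for that single host and port, not for the whole DMZ zone. And the outbound allowance the DMZ host needs for updates is also the channel a compromised host can abuse, so the "web -> attacker:443" flow is accepted; restricting it to a specific update mirror or proxy is the usual tightening.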
3. What Goes Into a DMZ?
Systems that must be publicly accessible:
- Web servers (HTTP/HTTPS)
- Mail servers (SMTP)
- DNS