In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that holds company data. (The term comes from the geographic buffer zone that was set up between North Korea and South Korea following the UN "police action" in the early 1950s.) A DMZ is an optional, more secure way of deploying a firewall, and in effect it also acts as a proxy server.
In a typical DMZ configuration for a small company, a separate computer (a host, in network terms) receives requests from users within the private network for access to Web sites or other companies' systems on the public network. The DMZ host then initiates sessions for these requests on the public network. However, the DMZ host cannot initiate a session back into the private network; it can only forward packets that have already been requested.
Users of the public network outside the company can access only the DMZ host. The DMZ typically also hosts the company's Web pages so that these can be served to the outside world, but it provides access to no other company data. If an outside user penetrated the DMZ host's security, the Web pages might be corrupted, but no other company information would be exposed.
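The zone policy described above (outsiders reach only the DMZ host, the DMZ host never opens a session inward, and only packets belonging to an already-requested session flow back) written out as a small stateful packet-filter model. This is an added example, not code from the article or from any vendor product; the 10.0.0.0/8 and 192.0.2.0/24 address plan and the port numbers are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (an assumption for this example, not from the article).
ZONES = {"internal": ip_network("10.0.0.0/8"), "dmz": ip_network("192.0.2.0/24")}


def zone_of(addr: str) -> str:
    """Map an address to internal, dmz, or public (anything not in ZONES)."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "public")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True marks the first packet of a new session


# Which zone pairs may open a NEW session, and on which destination ports
# (None = any port). Absent pairs are denied, which is the whole point:
# ("dmz", "internal") is missing, so the DMZ host can never initiate inward,
# and ("public", "internal") is missing, so outsiders reach only the DMZ host.
NEW_SESSION_POLICY = {
    ("public", "dmz"): {80, 443},  # outside users reach the DMZ host's Web server only
    ("internal", "dmz"): None,     # private users hand their requests to the DMZ host
    ("dmz", "public"): None,       # the DMZ host opens outward sessions on their behalf
}


def filter_packet(pkt: Packet, conntrack: set) -> bool:
    """Stateful decision: accept and record new sessions the policy allows,
    accept traffic on recorded sessions (including replies), drop the rest."""
    key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    if key in conntrack or reverse in conntrack:
        return True  # belongs to a session that was already requested
    if not pkt.syn:
        return False  # unsolicited non-SYN packet: nothing requested it
    pair = (zone_of(pkt.src), zone_of(pkt.dst))
    ports = NEW_SESSION_POLICY.get(pair, set())  # absent pair -> empty set -> deny
    if ports is None or pkt.dport in ports:
        conntrack.add(key)
        return True
    return False
```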
Cisco, the leading maker of routers, is one company that sells products designed for setting up a DMZ.