
DMZ: DeMilitarized Zone in Networks

In computer networking, a DeMilitarized Zone (DMZ) is a part of a network separated from other systems by a firewall that allows only certain types of network traffic to enter or leave. For example, a company will protect its internal networks from the Internet with a firewall, but will have a separate network, or DMZ, to which the public can gain limited access. Public web servers might be placed in such a DMZ. With the DMZ approach, large companies with complex e-commerce Internet and extranet applications may have a two-tiered approach to firewall security.

In a network with a DMZ, all Internet traffic is routed through an Internet-facing (external) firewall. This firewall allows only Web traffic and Internet mail through to the DMZ. All Web and application servers reside in the DMZ for security purposes.

The internal firewall allows e-mail traffic and database connections from the DMZ servers to pass through. This way, the system administrators can be assured that only e-mail traffic and database calls from the secured DMZ servers can access corporate information.
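
The two-tier policy described above, modeled as an added example that is not part of the original page. The subnets, the port numbers (80/443 for Web, 25 for mail, 5432 for the database) and the helper names are assumptions chosen for illustration; the model checks whether a connection attempt is accepted by every firewall on its path, with default deny.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing and ports (assumptions, not from the page).
DMZ = ip_network("192.0.2.0/24")
INTERNAL = ip_network("10.0.0.0/8")
ANY = ip_network("0.0.0.0/0")
WEB, MAIL, DB = {80, 443}, {25}, {5432}

# Each rule: (source network, destination network, allowed TCP ports).
# Rules describe who may open a connection; anything unmatched is dropped.
EXTERNAL_FW = [(ANY, DMZ, WEB | MAIL)]       # Internet -> DMZ: web and mail only
INTERNAL_FW = [(DMZ, INTERNAL, MAIL | DB)]   # DMZ -> internal: mail and database only


def zone(addr):
    """Map an address to the zone it lives in."""
    if addr in INTERNAL:
        return "internal"
    return "dmz" if addr in DMZ else "internet"


def firewalls_on_path(src, dst):
    """Return the firewalls a connection crosses in the two-tier layout."""
    order = ["internet", "dmz", "internal"]
    hops = [EXTERNAL_FW, INTERNAL_FW]  # hops[i] sits between order[i] and order[i+1]
    a, b = sorted((order.index(zone(src)), order.index(zone(dst))))
    return hops[a:b]  # empty when both ends are in the same zone


def permitted(src, dst, port):
    """True only if every firewall on the path has a rule matching the flow."""
    src, dst = ip_address(src), ip_address(dst)
    return all(
        any(src in s and dst in d and port in ports for s, d, ports in fw)
        for fw in firewalls_on_path(src, dst)
    )


if __name__ == "__main__":
    flows = [("203.0.113.7", "192.0.2.10", 443),   # Internet -> DMZ web server
             ("203.0.113.7", "10.1.2.3", 5432),    # Internet -> internal database
             ("192.0.2.10", "10.1.2.3", 5432),     # DMZ server -> internal database
             ("192.0.2.10", "10.1.2.3", 22)]       # DMZ server -> internal SSH
    for src, dst, port in flows:
        print(src, "->", dst, port, "ALLOW" if permitted(src, dst, port) else "DROP")
```

An Internet host never reaches the internal database directly: the external firewall has no rule with an internal destination, so the flow is dropped before the internal firewall is consulted.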

External users can be authenticated by obtaining a browser certificate from the certificate server. The servers can authenticate these users based on their certificates and encrypt the network traffic from the browser to the application server.


Related Terms: Firewall, Authentication