What is a Demilitarized Zone (DMZ)?

The term DMZ refers to what is essentially a buffer network between the Internet and the internal network. The DMZ is bounded by an outer firewall on its Internet-facing side and an inner firewall on its internal-network side. Devices placed within the DMZ are reachable from both the Internet and the internal network.

External-facing servers, resources and services are located in the DMZ so that they are accessible from the Internet while the rest of the internal LAN remains unreachable. Any service provided to users on the Internet should be placed in the DMZ. Typically, the DMZ contains devices that accept Internet traffic, such as web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.

Any system placed in the DMZ must be configured to the highest level of security possible (with the caveat that it must still be able to perform the role for which it is intended). These systems should always be assumed to be compromised and must never be given direct, unrestricted access to the inner network.
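The two-firewall layout described above, as an added example that is not part of the original article: a small Python model in which every flow is checked against the outer firewall (Internet side) and the inner firewall (internal side) with an implicit default deny, plus an audit that flags any inner-firewall rule giving the DMZ unrestricted access inward. The address ranges and the rule set are constructed assumptions, not values from the article.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan for this example (not from the article); any address
# that is neither DMZ nor internal is treated as the Internet.
ZONES = {"dmz": ip_network("203.0.113.0/24"), "internal": ip_network("10.0.0.0/8")}
ANY = "any"

@dataclass(frozen=True)
class Rule:
    """An allow-list entry; anything not matched by a rule is denied."""
    src_zone: str
    dst_zone: str
    dst_port: object  # port number, or ANY

# Outer firewall (Internet side): only the published DMZ services are reachable.
OUTER = [
    Rule("internet", "dmz", 80),   # public web server
    Rule("internet", "dmz", 25),   # inbound SMTP
    Rule("internet", "dmz", 53),   # public DNS
]
# Inner firewall (internal side): staff reach the DMZ; the DMZ gets one narrow path in.
INNER = [
    Rule("internal", "dmz", ANY),  # administration of DMZ hosts
    Rule("dmz", "internal", 25),   # relay mail to the internal mail server only
]

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def allows(rules, src_zone, dst_zone, port) -> bool:
    return any((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
               and r.dst_port in (ANY, port) for r in rules)

def firewalls_on_path(src_zone, dst_zone):
    # Internet<->DMZ crosses the outer firewall, DMZ<->internal the inner one,
    # and Internet<->internal has to pass both.
    return ([OUTER] if "internet" in (src_zone, dst_zone) else []) + \
           ([INNER] if "internal" in (src_zone, dst_zone) else [])

def permitted(src: str, dst: str, port: int) -> bool:
    """A flow is allowed only if every firewall on its path allows it."""
    sz, dz = zone_of(src), zone_of(dst)
    return all(allows(fw, sz, dz, port) for fw in firewalls_on_path(sz, dz))

def audit(inner_rules):
    """Flag inner-firewall rules giving the (assumed compromised) DMZ unrestricted access inward."""
    return [r for r in inner_rules
            if (r.src_zone, r.dst_zone, r.dst_port) == ("dmz", "internal", ANY)]
```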

