In computer networks, a DMZ (demilitarized zone) is a computer hostor small network inserted as a neutral zone between acompany´s private network and the outside public network. Itprevents outside users from getting direct access to a server thathas company data. (The term comes from the geographic buffer zonethat was set up between North Korea and South Korea following theUN police action in the early 1950s.) A DMZ is an optional and moresecure approach to a firewall and effectively acts as a proxyserver as well.
In a typical DMZ configuration for a small company, a separatecomputer (or host in network terms) receives requests from userswithin the private network for access to Web sites or othercompanies accessible on the public network. The DMZ host theninitiates sessions for these requests on the public network.However, the DMZ host is not able to initiate a session back intothe private network. It can only forward packets that have alreadybeen requested.
Users of the public network outside the company can access only theDMZ host. The DMZ may typically also have the company´s Webpages so these could be served to the outside world. However, theDMZ provides access to no other company data. In the event that anoutside user penetrated the DMZ hosts security, the Web pages mightbe corrupted but no other company information would be exposed.D-Link, a leading maker of routers, is one company that sellsproducts designed for setting up a DMZ.