Main Page | See live article | Alphabetical index

Demilitarized zone (computing)

In terms of computer security a demilitarized zone (DMZ) is a network area that sits between an organisation's internal network and an external network, usually the Internet. The DMZ allows contained hosts to provide services to the external network, while protecting the internal network from possible intrusions into those hosts.

Connectivity is allowed both from and to the external network. Connections from the external network are usually controlled using port address translation (PAT).

Connectivity is allowed from the internal network, but no access is allowed to the internal network.

Note that home routers sometimes refer to a "DMZ host". This is not a true DMZ by definition.