
Demilitarized Zone

Definition: In cyber security, a Demilitarized Zone (DMZ) is a physical or logical subnetwork that exposes an organisation's external-facing services to an untrusted network, typically the internet. The purpose of a DMZ is to add an additional layer of security to an organisation's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

The Demilitarized Zone (DMZ) hosts public services such as web servers, email servers, and domain name servers (DNS), isolating them from the rest of the network for security reasons. If a breach occurs, the Demilitarized Zone architecture aims to prevent attackers from advancing into the core internal network where sensitive data and resources reside.

Setting up a Demilitarized Zone involves using firewalls to create a buffer zone between the internet and the LAN. Traffic coming from the internet to the DMZ is screened so that only connection requests for the specific services offered are passed through, while traffic from the DMZ towards the LAN is filtered even more strictly, because a DMZ host is the one most likely to have already been compromised.

Key Characteristics:

  • Isolation of Services: Contains services that need to be accessible from the public network yet separate from the internal network.
  • Layered Security: Functions as part of a broader security posture which may include firewalls, intrusion detection systems, and other measures.
  • Traffic Screening: Regulates incoming and outgoing network traffic according to the firewall's rule set.
  • Breach Containment: In the event of a compromise, limits the attacker’s access to the DMZ area only.
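As an added illustration of the firewall screening described above and of the Traffic Screening and Breach Containment characteristics (example code written for this page, not part of the original glossary entry): a small first-match policy evaluator for a three-zone internet / DMZ / LAN firewall, with an audit helper that lists every path the policy opens into the LAN. The address ranges, service ports and rule order are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed address plan; any address outside these ranges is "internet".
ZONES = {"dmz": ip_network("192.0.2.0/24"), "lan": ip_network("10.0.0.0/8")}

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

@dataclass(frozen=True)
class Rule:
    src: str               # source zone
    dst: str               # destination zone
    proto: Optional[str]   # "tcp"/"udp", None = any
    dport: Optional[int]   # destination port, None = any
    action: str            # "allow" or "deny"

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return ((self.src, self.dst) == (src, dst)
                and self.proto in (None, proto) and self.dport in (None, dport))

# First match wins; anything not listed falls through to the default deny.
# Only new connections are modelled; replies to allowed sessions are assumed
# to be passed by the firewall's connection tracking.
POLICY = [
    Rule("internet", "dmz", "tcp", 443, "allow"),  # public HTTPS
    Rule("internet", "dmz", "tcp", 25, "allow"),   # inbound mail
    Rule("internet", "dmz", "udp", 53, "allow"),   # public DNS
    Rule("dmz", "lan", "tcp", 5432, "allow"),      # web tier -> internal DB only
    Rule("lan", "dmz", None, None, "allow"),       # administration of DMZ hosts
    Rule("lan", "internet", None, None, "allow"),  # outbound browsing
]

def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in POLICY:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"  # default deny: the buffer zone only passes what is listed

def lan_exposure() -> List[Tuple[str, Optional[str], Optional[int]]]:
    """Audit helper: every path the policy opens into the LAN from a less
    trusted zone. For breach containment this should stay short and specific."""
    return [(r.src, r.proto, r.dport) for r in POLICY
            if r.dst == "lan" and r.action == "allow" and r.src != "lan"]
```

A DMZ host that is compromised can still reach only the single database port the policy lists, and nothing from the internet reaches the LAN directly.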

Examples:

  • Real-World Example: A corporation’s customer-facing website is hosted in a DMZ to ensure that the general public can access it without risking the security of the corporation’s internal corporate network.
  • Hypothetical Scenario: A university places its library database server in a DMZ, allowing students and faculty to access it off-campus while protecting the internal network that contains sensitive research data and personal information.

Related Terms:

  • Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules, often used to create a DMZ.
  • Network Segmentation: The practice of splitting a computer network into subnetworks, each a separate network segment, to improve performance and security; a DMZ is a form of network segmentation.
  • Perimeter Network: Another term for DMZ, indicating its place at the boundary of an organisation’s network.
