We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.

In Computer Networking, what is DMZ?

By Derek Schauland
Updated May 16, 2024
Our promise to you
EasyTechJunkie is dedicated to creating trustworthy, high-quality content that always prioritizes transparency, integrity, and inclusivity above all else. Our ensure that our content creation and review process includes rigorous fact-checking, evidence-based, and continual updates to ensure accuracy and reliability.

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

Editorial Standards

At EasyTechJunkie, we are committed to creating content that you can trust. Our editorial process is designed to ensure that every piece of content we publish is accurate, reliable, and informative.

Our team of experienced writers and editors follows a strict set of guidelines to ensure the highest quality content. We conduct thorough research, fact-check all information, and rely on credible sources to back up our claims. Our content is reviewed by subject-matter experts to ensure accuracy and clarity.

We believe in transparency and maintain editorial independence from our advertisers. Our team does not receive direct compensation from advertisers, allowing us to create unbiased content that prioritizes your interests.

A Demilitarized Zone (DMZ) is a network segment that is separated from other networks. Many organizations use them to separate their Local Area Networks (LAN) from the Internet. This puts additional security between their corporate network and the public Internet. It can also be used to separate one particular machine from the rest of a network, moving it outside of the protection of a firewall.

Frequent Uses

Common items that are placed in a DMZ are public-facing servers. For example, if an organization maintains its website on a server, that web server could be placed in a computer "Demilitarized Zone." In this way, if a malicious attack ever compromises the machine, the remainder of the company's network remains safe from danger. Someone can also place a computer on a DMZ outside of a network to test for connectivity issues being created by a firewall protecting the rest of the system.

Router Setup and Functionality

When connecting a LAN to the Internet, a router provides a physical connection to the public Internet, and firewall software offers a gateway to prevent malicious data from entering the network. One port on the firewall often connects to the network using an internal address, allowing traffic being sent out by individuals to reach the Internet. Another port is usually configured with a public address, which allows Internet traffic to reach the system. These two ports allow inbound and outbound data to communicate between the network and the Internet.

Purpose of a Demilitarized Zone

In creating a DMZ, an organization adds another network segment or subnet that is still part of the system, but not connected directly to the network. Adding a DMZ makes use of a third interface port on the firewall. This configuration allows the firewall to exchange data with both the general network and the isolated machine using Network Address Translation (NAT). The firewall does not usually protect the isolated system, allowing it to connect more directly to the Internet.

NAT Functionality

Network Address Translation allows data received on a certain port or interface to be routed to a specified network. For example, when someone visits an organization's web site, the browser is sent to the server hosting the site. If this organization keeps its web server in a DMZ, the firewall knows that all traffic sent to the address associated with their web site should be passed to the server sitting in the DMZ, rather than directly into the organization's internal network.

Drawbacks and Other Methods

Since the DMZ computer lies outside of the firewall's protection, it may be vulnerable to attacks from malicious programs or hackers. Companies and individuals should not store sensitive data on this type of system, and know that such a machine can potentially become corrupted and "attack" the rest of the network. Many networking professionals recommend "port-forwarding" for people experiencing networking or connection issues. This provides specific, targeted access to certain network ports, without opening up a system entirely.

EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
By flashg — On Sep 22, 2011

The answer is quite descriptive, thanks for your input.

By anon152957 — On Feb 15, 2011

Thanks for the information about DMZ

By anon93468 — On Jul 04, 2010

thanks very much. really a very good explanation.

By anon86525 — On May 25, 2010

good one. anyone can grasp the concept well with this explanation.

By anon81138 — On Apr 30, 2010

It is crystal clear. --satish

By anon77356 — On Apr 14, 2010

Good one. it helps.

By anon72415 — On Mar 23, 2010

nice one.

By anon67125 — On Feb 23, 2010

good and clear explanation,thanks. Paramsh

By anon57567 — On Dec 24, 2009

Most crisp DMZ explanation over the net. Superb. Thanks a lot.

By anon57494 — On Dec 23, 2009

thank for the simple explanation.

By anon56374 — On Dec 14, 2009

great work. thanks. shiva

By anon55052 — On Dec 04, 2009

Excellent article.

By anon54761 — On Dec 02, 2009

Very good explanation.

By anon52269 — On Nov 12, 2009

great info. thanks.

By anon46372 — On Sep 24, 2009

Good one.

By anon42686 — On Aug 23, 2009

thanks and got the complete understanding of the DMZ.

By anon40992 — On Aug 12, 2009

good article. thanks.

By ykrakesh — On Jun 30, 2009

Superb way of explanation, really useful.

By anon27767 — On Mar 05, 2009

This is a clear and simple explanation.

Thanks.

Adee

By anon24711 — On Jan 16, 2009

Very well written...

By anon20174 — On Oct 27, 2008

wow, simple and clear explanation, thanks.

By malena — On Feb 02, 2008

I didn't know DMZ applies in the computing world! I always thought it was confined to the political/military world!

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.