What Is a DMZ and How Does It Work?

A DMZ is a separate network segment, not a single server, that adds a layer of protection to a network by acting as a buffer between a local area network (LAN) and a less trusted network, which is usually the Internet. The name comes from the demilitarized zone, the strip of land that opposing militaries agree to keep free of forces so that neither side can stage an attack from it. Hosts in the DMZ provide the services that must be reachable from the Internet, such as email, Web applications and FTP, so that the internal LAN itself never has to be exposed.

How a DMZ Works

A DMZ is built on a firewall (or a router with filtering rules) that has three or more network interfaces, each attached to a network with a different level of trust. A common layout uses a multi-port Ethernet card in the firewall to create an internal trusted network, the DMZ network, and the untrusted network, which is the Internet. Because the single firewall has one leg in each network, this design is often called a three-legged DMZ; larger deployments place the DMZ between two firewalls instead, so that the external and internal rule sets live on separate devices.

Separate DMZ networks can be created for different services so that the compromise of one DMZ host does not put the attacker on the same segment as every other exposed host. The firewall then enforces two distinct sets of rules. The first protects the DMZ from the Internet by admitting only the ports each DMZ host actually publishes. The second protects the LAN from the DMZ: no connection may be opened from the DMZ into the internal network, so even a fully compromised DMZ host cannot be used as a jumping-off point. Connections from the LAN out to the DMZ and to the Internet are allowed as needed, with the replies admitted by connection tracking rather than by opening inbound ports. The second rule set is what gives the design its value: an attacker who breaches a DMZ host is still outside the LAN.
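The three-zone policy described above, written out as an added example (this is not code from the original article). The interface names (eth0 for the Internet, eth1 for the DMZ, eth2 for the LAN) and the published service ports are assumptions chosen for illustration; decide() answers whether a new connection is permitted, and render_nft() prints the same policy as an nftables forward chain with a default-drop policy.

```python
"""Three-zone DMZ firewall policy, as an added example (not from the article).

Interface names (eth0 = Internet, eth1 = DMZ, eth2 = LAN) and the published
service ports are assumptions chosen for illustration.
"""
from dataclasses import dataclass

INTERNET, DMZ, LAN = "internet", "dmz", "lan"

# Assumed mapping of the three-legged firewall's interfaces to zones.
ZONE_IFACE = {INTERNET: "eth0", DMZ: "eth1", LAN: "eth2"}


@dataclass(frozen=True)
class Rule:
    src: str            # zone a NEW connection comes from
    dst: str            # zone it is going to
    ports: frozenset    # permitted TCP destination ports
    why: str            # operator's justification, rendered as a comment


# Everything not listed is dropped. Note the two absences that define a DMZ:
# nothing from the Internet reaches the LAN, and nothing from the DMZ may
# open a connection into the LAN even after a DMZ host is fully compromised.
POLICY = [
    Rule(INTERNET, DMZ, frozenset({25, 80, 443}), "published mail and web services"),
    Rule(LAN, DMZ, frozenset({22, 25, 80, 443}), "users and admins reach DMZ hosts"),
    Rule(LAN, INTERNET, frozenset({53, 80, 443}), "internal users browse out"),
    Rule(DMZ, INTERNET, frozenset({53, 80, 443}), "DNS and package updates only"),
]


def decide(src_zone: str, dst_zone: str, dport: int) -> bool:
    """True if a NEW TCP connection src_zone -> dst_zone:dport is permitted.

    Replies to permitted connections are handled by connection tracking
    (ct state established,related) and never need their own rule.
    """
    return any(
        r.src == src_zone and r.dst == dst_zone and dport in r.ports
        for r in POLICY
    )


def render_nft(table: str = "inet dmz") -> str:
    """Render POLICY as an nftables forward chain with a default-drop policy."""
    lines = [
        f"table {table} {{",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
    ]
    for r in POLICY:
        ports = ", ".join(str(p) for p in sorted(r.ports))
        lines.append(
            f'    iifname "{ZONE_IFACE[r.src]}" oifname "{ZONE_IFACE[r.dst]}" '
            f"tcp dport {{ {ports} }} ct state new accept  # {r.why}"
        )
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_nft())
    for flow in [(INTERNET, DMZ, 443), (INTERNET, DMZ, 22), (DMZ, LAN, 22)]:
        print(flow, "accept" if decide(*flow) else "drop")
```

The rendered chain is deliberately short: one accept line per permitted direction and port set, plus the connection-tracking line that lets replies through. Any rule you find yourself adding that begins with the DMZ interface and ends at the LAN interface is the rule that turns a DMZ back into a flat network.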

DMZ Host Security

Because the DMZ sits between the LAN and the Internet and exposes services directly to it, it is treated as a less trusted network than the internal one, and its hosts are hardened accordingly: disable unnecessary services, run the services that remain with reduced privileges (a dedicated unprivileged account rather than root), remove unused user accounts, and keep the operating system and the exposed applications patched. DMZ hosts should also be logged and monitored closely, since they are where an attack is most likely to land first. Even though some internal computers have access to the DMZ, a breach of a DMZ host does not compromise the entire network, as it would if the whole network were reachable from the Internet.
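The hardening checks listed above, turned into a small audit as an added example (not code from the article). The /etc/passwd excerpt and the listening-socket table are constructed samples, the published port set and the list of accounts expected to keep a shell are assumptions, and on a real host the inputs would come from /etc/passwd and a tool such as `ss -lntp`.

```python
"""Hardening audit for a DMZ host, as an added example (not from the article).

The account list and listening-socket table below are constructed samples;
real data would come from /etc/passwd and a tool such as `ss -lntp`.
"""

# Constructed /etc/passwd excerpt (name:x:uid:gid:gecos:home:shell).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
postfix:x:104:110::/var/spool/postfix:/usr/sbin/nologin
oldadmin:x:1001:1001:Former contractor:/home/oldadmin:/bin/bash
deploy:x:1002:1002:Deploy user:/home/deploy:/bin/bash
"""

# Constructed listening-socket table, one "addr:port process uid" per line
# (a reduced form of what `ss -lntp` shows; the uid column is the example's own).
LISTENING = """\
0.0.0.0:22      sshd    0
0.0.0.0:443     nginx   33
0.0.0.0:25      master  0
0.0.0.0:21      vsftpd  0
127.0.0.1:3306  mysqld  106
"""

# What this DMZ host is meant to publish; anything else is an unnecessary service.
PUBLISHED_PORTS = {22, 25, 443}
# Accounts that legitimately keep an interactive shell (assumption).
EXPECTED_SHELL_USERS = {"root", "deploy"}
LOGIN_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh"}


def parse_listeners(table: str):
    """Yield (addr, port, process, uid) from the constructed socket table."""
    for line in table.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        endpoint, proc, uid = line.split()
        addr, port = endpoint.rsplit(":", 1)
        yield addr, int(port), proc, int(uid)


def unexpected_listeners(table: str) -> list:
    """(process, port) pairs exposed on the segment that are not published.

    Loopback-only listeners are skipped: they are not reachable from the DMZ
    network, although they still deserve review.
    """
    return [(proc, port) for addr, port, proc, _ in parse_listeners(table)
            if not addr.startswith("127.") and port not in PUBLISHED_PORTS]


def root_listeners(table: str) -> list:
    """Listening processes running as uid 0: candidates for privilege reduction.

    Some daemons (sshd, the postfix master) must start as root and hand the
    client handling to unprivileged children; the point of the list is to make
    every remaining root listener justify itself.
    """
    return [proc for _, _, proc, uid in parse_listeners(table) if uid == 0]


def stale_shell_accounts(passwd: str) -> list:
    """Accounts with a login shell that are not on the expected list."""
    found = []
    for line in passwd.splitlines():
        name, _, _, _, _, _, shell = line.split(":")
        if shell in LOGIN_SHELLS and name not in EXPECTED_SHELL_USERS:
            found.append(name)
    return found


def audit(table: str = LISTENING, passwd: str = PASSWD) -> dict:
    """Collect the findings a DMZ host review should start from."""
    return {
        "unnecessary_services": unexpected_listeners(table),
        "root_listeners": root_listeners(table),
        "stale_accounts": stale_shell_accounts(passwd),
    }


if __name__ == "__main__":
    for finding, items in audit().items():
        print(f"{finding}: {items}")
```

On the constructed sample the audit flags the FTP daemon as an unpublished service running as root, and the leftover contractor account as one that should be removed or locked; patch state is the one item in the list above that needs a package-manager query rather than a file parse, so it is left to the distribution's own tooling.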


A honeypot, or a honeynet when several are networked together, is a related technique that is often deployed alongside a DMZ. It is a set of computers built to look like attractive targets but with no production purpose, so that attacks against them can be detected and studied. Because no legitimate user ever has a reason to connect to a honeypot, every connection to it is suspicious, and attackers who spend their time on it are diverted away from the genuine resources.

The computers that make up a honeypot are frequently virtual machines hosted on a single physical machine, which makes them cheap to build and easy to reset after a compromise. Network administrators deploy intrusion detection systems and other monitoring on the honeypot to record the attackers' source addresses, tools and techniques.
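A minimal low-interaction decoy of the kind described above, as an added example (not code from the article). It pretends to be an SSH server, records whatever each visitor sends, and emits one JSON line per connection for an intrusion detection system or log collector to consume. The decoy banner, the port and the capture limit are assumptions of the example.

```python
"""A minimal low-interaction TCP honeypot, as an added example (not from the
article). The decoy banner, port and address are assumptions; each connection
is logged to stdout as one JSON line so an IDS or SIEM can pick it up."""
import json
import socket
import socketserver
import time

# Assumed decoy: pretend to be an SSH server so scanners and brute-forcers bite.
DECOY_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"
MAX_CAPTURE = 256  # bytes of attacker input to keep per connection


def build_record(peer, data: bytes, ts=None) -> dict:
    """Describe one connection to the decoy. Nothing legitimate ever connects
    here, so every record is an alert rather than just a log line."""
    return {
        "ts": time.time() if ts is None else ts,
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # Keep the first bytes verbatim; latin-1 never fails to decode.
        "payload": data[:MAX_CAPTURE].decode("latin-1"),
    }


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.sendall(DECOY_BANNER)
        self.request.settimeout(5)
        try:
            data = self.request.recv(MAX_CAPTURE)
        except socket.timeout:
            data = b""
        print(json.dumps(build_record(self.client_address, data)), flush=True)


def serve(host: str = "0.0.0.0", port: int = 2222) -> None:
    """Run the decoy. Port 2222 is unprivileged for the example; a real
    deployment would redirect port 22 to it on the firewall."""
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer((host, port), DecoyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

The decoy never interprets the data it receives, which is what keeps a low-interaction honeypot from becoming a real foothold; the value is in the records, which give the source address, timing and first bytes of every probe that reached it.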

