What Is a DMZ and How Does It Work?

A DMZ is a secure server that adds an additional layer of security to a network and acts as a buffer between a local area network (LAN) and a less secure network, the Internet. A DMZ server is also known as a Data Management Zone; it provides secure services to LAN users for email, Web applications, FTP, and other applications that require access to the Internet. The networking DMZ takes its name from the military demilitarized zone, a strip of land used as a barrier against the enemy.

How Does a DMZ Work?

A DMZ is a management server placed on the network with multiple network interfaces, each playing a specific role in protecting the local area network (LAN). IT administrators use a 4-port Ethernet card in the firewall to create a series of networks: an internal trusted network, the DMZ network, and the untrusted network, the Internet.

Multiple DMZ networks are created to limit the damage if one of the DMZ hosts is compromised for any reason. Although a regular network firewall protects the local area network, a DMZ establishes rules for protecting the DMZ network from the Internet, and further rules for protecting the local area network from the DMZ should the DMZ be compromised. This adds protection against attackers who try to breach the local area network.
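The three-zone rule set described above, modelled as a small default-deny policy evaluator. This is an added example, not code from the original article; the address ranges, port lists and function names are constructed assumptions, and the point it shows is that with no DMZ-to-LAN or Internet-to-LAN allow rule, a compromised DMZ host still cannot reach the internal network.

```python
import ipaddress

# Constructed addressing for the LAN and DMZ interfaces (assumption, not from the article);
# any address outside these prefixes is treated as the untrusted Internet.
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}

def zone_of(ip: str) -> str:
    """Map an address to its firewall zone: 'lan', 'dmz' or 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

# Allow rules as (source zone, destination zone, permitted destination ports; None = any).
# Anything not listed is dropped, so the absence of a ("dmz", "lan", ...) rule is what
# protects the LAN from a compromised DMZ host.
ALLOW = [
    ("internet", "dmz", {21, 25, 80, 443}),  # only the published FTP, mail and web services
    ("lan", "dmz", None),                    # internal users may reach and manage DMZ hosts
    ("lan", "internet", None),               # internal users may go out to the Internet
    ("dmz", "internet", {25, 53}),           # DMZ hosts may relay mail and resolve names
]

def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return 'accept' or 'drop' for a new connection under the zone policy above."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "accept"  # same-zone traffic never crosses the firewall
    for s, d, ports in ALLOW:
        if s == src and d == dst and (ports is None or dst_port in ports):
            return "accept"
    return "drop"

if __name__ == "__main__":
    # Constructed sample connections (203.0.113.0/24 is a documentation range).
    samples = [
        ("203.0.113.7", "192.168.100.10", 443),  # Internet -> DMZ web server
        ("203.0.113.7", "192.168.100.10", 22),   # Internet -> DMZ ssh, not published
        ("192.168.100.10", "10.0.0.5", 445),     # compromised DMZ host -> LAN file share
        ("10.0.0.5", "192.168.100.10", 22),      # LAN admin -> DMZ host
        ("203.0.113.7", "10.0.0.5", 80),         # Internet -> LAN directly
    ]
    for s, d, p in samples:
        print(f"{s:>16} -> {d:<16} port {p:<4} {decide(s, d, p)}")
```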

DMZ Host Security

Because the DMZ management server network acts as a buffer zone between the local area network and the Internet, it is a less secure network than the internal network. For this reason, added security measures are taken for a DMZ host: disabling unnecessary services, running the necessary services with reduced privileges, eliminating unnecessary user accounts, and making sure the DMZ has the latest security updates and patches. Although some computers have access to the DMZ, a breach there will not compromise the entire network as it would if the entire network were accessible from the Internet.


Another method used to secure a DMZ network is a "honeypot" or "honeynet": a network of computers constructed to lure hackers. The hackers are caught and tracked on the computers connected to the honeypot, which diverts them away from the authentic resources.

The computers that make up the honeypot are actually virtual machines hosted on a single machine. Network administrators then deploy intrusion detection systems and other monitoring systems on the honeypot to discover the identity of the hackers and some of the techniques they use.

Identity theft comes in many forms.

A person's identity can be 'borrowed' for the purpose of creating fictional credit cards, or a person's entire identity can be usurped to the point where they have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

* Never give out unnecessary personal information
* Never provide bank details or social security numbers over the Internet
* Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.