Every corporate office has an official public website that any individual can access over the public Internet. The data for this site has to be stored on servers, and where to place these servers is a challenge. The servers have to be accessible to public users, but they must not put the organization's internal network at risk; in other words, an attacker from the Internet should not be able to reach the internal network through these servers. Then came the concept of the DMZ: a zone that lies between an organization's internal network and an external network, usually the Internet.
Concept of DMZ:
In military terms, a demilitarized zone (DMZ) is an area, usually the frontier or boundary between two or more military powers (or alliances), where military activity is not permitted, usually by peace treaty or other bilateral or multilateral agreement.
In a computer network, apart from the Internet and the intranet, there is a demilitarized zone whose security protection level lies between that of the intranet and that of the Internet. The intranet is a high-security zone that holds the organization's internal hosts, servers and so on, which must be secured against attacks and threats. The Internet is an outside public network and is considered a low-security zone.
Traffic flow in networks with a DMZ installed:
- Internal hosts can access the DMZ and the Internet.
- External hosts can access only the DMZ, not the intranet.
- DMZ hosts can access the Internet only.
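The three rules above can be written as a zone-to-zone matrix and used to audit observed connections. The following Python sketch is an added example, not part of the original article. The address ranges, sample flows and function names are constructed for illustration, and each flow is read as a new connection from initiator to responder (reply traffic of an allowed connection is not a violation).

```python
import ipaddress

# Constructed address plan (assumption, not from the article).
ZONES = {
    "intranet": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

# Allowed (initiator zone, responder zone) pairs, taken from the three rules.
ALLOWED = {
    ("intranet", "dmz"),
    ("intranet", "internet"),
    ("internet", "dmz"),
    ("dmz", "internet"),
}

def zone_of(addr):
    """Map an IP address to its zone; anything unlisted is the Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def check_flow(src, dst):
    """Return (source zone, destination zone, allowed?) for one connection."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return s, d, True  # intra-zone traffic does not cross a zone boundary
    return s, d, (s, d) in ALLOWED

def audit(flows):
    """Return the flows that violate the zone policy."""
    violations = []
    for src, dst in flows:
        s, d, ok = check_flow(src, dst)
        if not ok:
            violations.append((src, dst, f"{s}->{d}"))
    return violations

# Constructed sample connections (initiator, responder).
SAMPLE_FLOWS = [
    ("10.0.4.20", "192.168.50.10"),     # intranet -> DMZ
    ("203.0.113.7", "192.168.50.10"),   # Internet -> DMZ
    ("192.168.50.10", "198.51.100.5"),  # DMZ -> Internet
    ("203.0.113.7", "10.0.4.20"),       # Internet -> intranet
    ("192.168.50.10", "10.0.4.20"),     # DMZ -> intranet
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("VIOLATION", violation)
```

The last two sample flows are reported: an external host reaching the intranet directly, and a DMZ host opening a connection into the intranet, which is the path an attacker would take from a compromised public server.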