Demilitarized Zone

Set of systems between internal and external networks

A demilitarized zone (DMZ) is a network positioned between a secure LAN and the external internet, allowing the separation of exposed services such as email and web hosting from the internal network.

Machines in the DMZ are usually server systems which are by their nature less secure than systems within the LAN - they need to allow access from outside to carry out web and mail transactions. Firewalls usually sit on either side of the DMZ filtering traffic, and those between the LAN and the DMZ will normally only allow initiation of connections from the inside, thus providing an extra layer of security should the systems in the DMZ be subjected to attack or compromised.
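The filtering described above can be written as two nftables rulesets, one per firewall. This is an added example, not part of the original glossary entry; the interface names (`wan0`, `dmz0`, `lan0`), the table names and the published ports (SMTP, HTTP, HTTPS) are assumptions chosen for illustration.

```nftables
# --- Outer firewall: sits between the internet (wan0) and the DMZ (dmz0) ---
# Interface and table names are assumptions for this example.
table inet outer_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Drop packets that do not belong to any valid tracked flow.
        ct state invalid drop
        # Allow return traffic for flows that were already permitted.
        ct state established,related accept

        # Outside hosts may open connections only to the exposed services
        # (mail and web): SMTP, HTTP, HTTPS.
        iifname "wan0" oifname "dmz0" tcp dport { 25, 80, 443 } ct state new accept

        # Everything else falls through to the drop policy.
    }
}

# --- Inner firewall: sits between the DMZ (dmz0) and the LAN (lan0) ---
table inet inner_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        # Replies to LAN-initiated connections are allowed back in.
        ct state established,related accept

        # New connections may be initiated from the LAN side only.
        iifname "lan0" oifname "dmz0" ct state new accept

        # A DMZ host trying to open a connection into the LAN is dropped and
        # logged: on a correctly configured network this should not happen,
        # so each hit is worth investigating as a possible compromise.
        iifname "dmz0" oifname "lan0" ct state new log prefix "dmz-to-lan-new: " drop
    }
}
```

Each table is loaded on its own firewall host with `nft -f`. The logged drop on the inner firewall doubles as a detection signal for a compromised DMZ server.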

In some cases a single system is used as a combined firewall and DMZ, proxying all services.
