Demilitarized Zone

Set of systems between internal and external networks

A demilitarized zone (DMZ) is a network positioned between a secure LAN and the external internet, allowing the separation of exposed services such as email and web hosting from the internal network.

Machines in the DMZ are usually server systems which are by their nature less secure than systems within the LAN - they need to allow access from outside to carry out web and mail transactions. Firewalls usually sit on either side of the DMZ filtering traffic, and those between the LAN and the DMZ will normally only allow initiation of connections from the inside, thus providing an extra layer of security should the systems in the DMZ be subjected to attack or compromised.

In some cases a single system is used as a combined firewall and DMZ, prozying all services.

Poll

Should anti-virus software be free for personal use?

Leave a comment
View 43 comments

Malware Prevalence

Agent
Zbot
Suspect packers
Dropper-misc
Delf

View this month's full report

Virus Bulletin currently has 144,127 registered users.

Fighting malware and spam

Demilitarized Zone

Anti-malware

Anti-spyware

Anti-virus

Behaviour blocker

Blacklist

CAPTCHA

Challenge-response

Content filtering

Encryption

Firewall

Heuristics

Intrusion detection system

Intrusion prevention system

Layered defence

OCR

On-access scanning

Patch

Patch Tuesday

Public Key Cryptography

Service pack

Spam filter

URL filtering

Walled garden

Whitelisting

See also

Glossary

Resources

Poll

Malware Prevalence