A demilitarized zone (DMZ) is a firewall technique used to protect an organization's own networks from publicly accessible networks, and equally to protect corporate computers that must be accessible both from public networks and from the internal corporate network.
The DMZ technique is considered sufficiently secure and provides protection for the corporate servers and network components that provide access to the public network.
The servers located in the DMZ are not, strategically, part of the corporate network and therefore cannot pass on information from it. Protection against attacks or unauthorized access is provided on both sides of the DMZ: toward the public network by the external firewall, and toward the internal corporate network by the internal firewall. In addition, the traffic in the corporate network is handled by a bastion host. The protection mechanism is thus threefold.
The DMZ usually houses application gateways, web servers, mail servers and authentication servers, as well as e-commerce systems. In addition to the demilitarized zone, there is also the semi-militarized zone (SMZ), which allows access to be restricted to certain services.
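
The two-firewall arrangement described above can be modelled and audited in a few lines. This is an added example, not part of the original entry; the address ranges, ports and rule format are constructed assumptions, and it assumes a strict policy in which no connection is initiated toward the internal network.

```python
import ipaddress

# Constructed address plan and rules: assumptions for illustration only.
ZONES = {"internal": ipaddress.ip_network("10.0.0.0/16"),
         "dmz": ipaddress.ip_network("192.0.2.0/24")}
ORDER = ["public", "dmz", "internal"]  # public -[external fw]- dmz -[internal fw]- internal

# Allow-lists of (source zone, destination zone, destination port) for NEW
# connections; replies are assumed stateful and anything unlisted is dropped.
EXTERNAL_FW = {("public", "dmz", 443), ("public", "dmz", 25)}
INTERNAL_FW = {("internal", "dmz", 443), ("internal", "dmz", 22)}


def zone_of(addr):
    """Classify an address; anything outside the listed networks is public."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "public")


def allowed(src, dst, port, external=EXTERNAL_FW, internal=INTERNAL_FW):
    """True if every firewall on the path between the two zones permits the flow."""
    s, d = zone_of(src), zone_of(dst)
    lo, hi = sorted((ORDER.index(s), ORDER.index(d)))
    firewalls = [external, internal]  # firewalls[i] sits between ORDER[i] and ORDER[i+1]
    return all((s, d, port) in firewalls[k] for k in range(lo, hi))


def audit(external, internal):
    """Report rules that let a connection be initiated toward the internal network."""
    findings = []
    for name, rules in (("external", external), ("internal", internal)):
        for src, dst, port in sorted(rules):
            if dst == "internal" and src != "internal":
                findings.append(f"{name} firewall: {src} -> internal port {port}")
    return findings
```

Running `audit` over an exported rule set flags any entry that would let a public or DMZ host open a connection into the internal network, which is the separation the two firewalls exist to enforce.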