// THREAT DETECTION AND DATA PRIVACY TERM

DMZ

A DMZ, or Demilitarized Zone, is a small, isolated network that sits between a company's secure internal network and the public internet. It hosts services that need to be public-facing, like web or email servers, adding an extra layer of security to protect sensitive internal data.

TECHNICAL DEFINITION

A Demilitarized Zone (DMZ) is a perimeter network security architecture that isolates public-facing services (e.g., web servers, DNS servers, mail servers) from an organization's internal Local Area Network (LAN). It is implemented using firewalls to create a screened subnet that controls traffic between the internet, the DMZ, and the trusted private network, thereby minimizing the attack surface.

BACKGROUND

In computer security, a DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is protected behind a firewall. The DMZ functions as a small, isolated network positioned between the Internet and the private network.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • perimeter network
  • screened subnet
  • network buffer zone
  • bastion host network
  • triple-homed firewall

USAGE NOTE

A DMZ is a standard network architecture pattern for securely exposing public-facing services without compromising the internal trusted network.

DEVELOPERS

Organizations developing technology related to DMZ.

  • Palo Alto Networks

    Develops Next-Generation Firewalls (NGFWs) and other security platforms that are fundamental for creating and enforcing security policies within a DMZ. Their products control traffic flow between the internet, the DMZ, and the internal network.

  • Cisco Systems

    A leading provider of networking and security hardware. Their firewalls, such as the Cisco Secure Firewall (formerly ASA and Firepower series), are widely used to establish network perimeters and segment networks to create secure DMZs.

  • Fortinet

    Offers a security platform centered around its FortiGate firewalls, which provide the core functionality for network segmentation and DMZ implementation. They also provide Web Application Firewalls (FortiWeb) and other solutions typically deployed within a DMZ.

  • Check Point Software Technologies

    A pioneer in the firewall industry, Check Point provides security gateways and management solutions used to build and protect network perimeters. Their products are used to define and secure DMZ architectures.

  • F5, Inc.

    Specializes in application delivery and security services. Their BIG-IP platform, which includes Application Delivery Controllers (ADCs), load balancers, and Web Application Firewalls (WAFs), is commonly deployed inside a DMZ to manage and protect web-facing applications.

  • Cloudflare

    Provides a global cloud network that acts as a modern, cloud-based DMZ. Its services, including WAF, DDoS mitigation, and reverse proxying, protect web applications at the edge before malicious traffic can reach the origin servers.

  • Juniper Networks

    Manufactures high-performance networking and cybersecurity products. Their SRX Series Services Gateways are next-generation firewalls designed to secure network edges and data centers, enabling the creation of robust DMZ segments.

  • Imperva

    Focuses on application and data security solutions. Imperva's Web Application Firewall (WAF) and DDoS protection services are key technologies deployed in a DMZ to shield applications from web-based attacks.

RELATED TERMS IN DEFENSE & ARCHITECTURE