DMZ stands for demilitarized zone. A DMZ is used to improve the security of an organization’s network by segregating devices such as computers and servers on opposite sides of a firewall. In effect, it creates two separate networks.
So why would you want to do this, and how does a DMZ accomplish it? Let’s work through an example. Here we have a network that belongs to a corporation, and this company has computers and servers that are behind a firewall. Within this company, there are servers that need to be accessed by people from the internet so that the company can stay in business.
For example, these servers might be a web server and an email server. Because these servers are behind the company’s firewall, they’re inside the company’s private network. That means the company is letting people from an untrusted network, the internet, get behind the company’s firewall and into the private network where the servers are.
This is a security concern, because as people access these servers, hackers could use that access as a gap to cause havoc on the company’s network. Remember, they have already got past the firewall, because the servers are behind it. So hackers can now attempt to access sensitive data on other devices that are behind the firewall, such as a database server where sensitive data is kept, or they may even attempt to plant a virus.
But what if the company put the publicly accessed web and email servers outside its internal network, on the opposite side of the firewall? The servers would still be in the same building, but they would be on the other side of the firewall. Now when people access these servers from the internet, they are not accessing them behind the company’s internal firewall, where the company’s sensitive data is kept. These servers are now out in front, facing the internet, and fully exposed.
So this is exactly what a DMZ is.
These servers are now in a DMZ, which is also referred to as a perimeter network. This perimeter network can also act as a kind of screened network to detect any malicious activity before it can get behind the firewall and into the company’s internal network. So a DMZ divides a network into two parts by taking devices from inside the firewall and putting them outside the firewall.
This DMZ setup uses only one firewall, but a more secure DMZ uses two. An additional firewall is added and placed in front of the DMZ. This second firewall adds an extra layer of protection to make sure that only legitimate traffic can access the DMZ, and it also makes it much harder for hackers to penetrate the company’s internal network, because they would need to get through two different firewalls to reach it.
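The difference between the two layouts can be checked as firewall policy. The following is an added example, not part of the original article: it models the zones as a small first-match rule table and audits it. The addresses, ports and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): any address outside these is "internet".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# Rule = (source zone, destination zone, destination port or None for any, action).
# Layout from the start of the article: public servers inside the private network.
FLAT_RULES = [
    ("internet", "internal", 443, "allow"),  # web server behind the firewall
    ("internet", "internal", 25, "allow"),   # email server behind the firewall
]
# DMZ layout: public servers moved out, nothing from outside reaches "internal".
DMZ_RULES = [
    ("internet", "dmz", 443, "allow"),       # web server in the DMZ
    ("internet", "dmz", 25, "allow"),        # email server in the DMZ
    ("internal", "dmz", None, "allow"),
    ("internal", "internet", None, "allow"),
]

def zone_of(ip):
    """Map an address to its zone name."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; anything unmatched is denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "unfiltered"  # same segment: traffic never crosses the firewall
    for r_src, r_dst, r_port, action in rules:
        if (r_src, r_dst) == (src, dst) and r_port in (None, port):
            return action
    return "deny"

def audit(rules):
    """Return allow rules that admit internet or DMZ traffic into the internal zone."""
    return [r for r in rules
            if r[3] == "allow" and r[1] == "internal" and r[0] in ("internet", "dmz")]

if __name__ == "__main__":
    print("flat findings:", audit(FLAT_RULES))
    print("flat web -> db:", decide(FLAT_RULES, "10.0.0.20", "10.0.0.5", 3306))
    print("dmz  web -> db:", decide(DMZ_RULES, "192.0.2.10", "10.0.0.5", 3306))
```

In the flat layout a compromised web server reaches the database without crossing any firewall, while in the DMZ layout the same connection has to pass the rule table and is denied by default.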
There is also a DMZ that you can configure in your home, and this is done using a typical home router. Those of you who have configured a home router may have seen a section in the advanced settings of the router’s configuration page that talks about setting up a DMZ.
A common use of a DMZ in the home is to take a gaming console, such as an Xbox or PlayStation, and configure it as a DMZ host. This is done because these gaming consoles are often used for online gaming, and gamers don’t want any interference from a firewall. They also don’t want to have to deal with port forwarding configuration, which can sometimes be a hassle. Instead, they can just go into the DMZ settings in the router and enter the gaming console’s IP address as the DMZ host.
It’s also important to note that the device in the DMZ should be configured with a static IP rather than a dynamic IP. In this setup, the home router is the firewall, and the computers are safe behind the router’s firewall. But the gaming console is on the opposite side of the router’s firewall, placed in the DMZ and fully exposed to the internet. So, finally, that’s what DMZ means: a demilitarized zone. In the real world, it’s an area where the military is forbidden; in the computing world, it’s where firewall protection is forbidden.