The term DMZ (De-Militarized Zone), is generally used to describe the geographical area separating North Korea from South Korea in the 1950s, after the Korean War. The entire area was liberally hosed down with Agent Orange, a powerful defoliant, (toxic to humans, and allegedly the cause of many diseases in GIs) that stripped the land of vegitation, in an attempt to prevent cross border incursions

In computer networking and security terms however, it refers to a host, small network, or segment that sits in between a private network and the public network as a type of firewall, typically between your Internet router and host. The DMZ host initiates sessions for users on the private network when they send requests for connections on the public network to it (in effect acting like a proxy server). However, the DMZ host is not able to initiate a session back into a machine located inside the private network and only forwards packets that have already been requested. This prevents from outside coming into the private network (unless the attacker can mask the packets so they look like they're coming from a server requested by a current session). The DMZ host can house information that the private network operator wishes to be available to the outside world (ie webpages), although this information is open to attack.
disusered = D = do protocol


(common) Literally, De-Militarized Zone. Figuratively, the portion of a private network that is visible through the network's firewalls (see firewall machine). Coined in the late 1990s as jargon, this term is now borderline techspeak.

-- Jargon file 4.3.0

From the game of Diplomacy, a DMZ (De-Militarized Zone) is a territory where two or more players agree not to enter without previous consent of the others.

This agreement is usually made to avoid conflict in critical spots of the game board, specially in the early game where alliances are not yet defined, but also on the late game where keeping a strong long-lasting alliance is critical.

The player who invades a DMZ is said to have 'broken' it and is usually seen as an agressor.

In networking jargon, a DMZ is usually a part of a private network that has part of its services available to the general internet traffic.

Imagine you want to host your own publicly available web server within your office, where you have a small LAN. You want people to be able to reach your office from the internet, because they need to query your web server and access its pages, but you would not want them to browse your own PC's or file servers. The solution in this case is usually to use a firewall (something like a properly configured linux box with multiple network cards or a hardware solution like a Cisco PIX) that allows for multiple protected zones on each of its nework cards.

In our simple case we would likely have three separate nertwork cards:

  • one going to the general internet;
  • one going to the office LAN; machines "behind" this port are rendered completely invisible from the internet, likely using NAT and port filtering;
  • one going to the DMZ; machines here are partially visible from the internet using appropriate port filtering rules.
This way you can share the same internet connection pipe between your web server and your office, with full security.

Log in or register to write something here or to contact authors.