Demilitarized Zone (DMZ)

Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance (IA) policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks. 

See NIST SP 800-82 Rev. 2 under Demilitarized Zone (DMZ) for more information.

A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet. 

See the following for more information: 

NIST SP 800-44 Version 2 under Demilitarized Zone (DMZ) 
CNSSI 4009-2015 (NIST SP 800-45 Version 2)
NIST SP 800-82 Rev. 2 under Demilitarized Zone (DMZ) (NIST SP 800-45
 
An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied. 

See the following for more information: 

NIST SP 800-41 Rev. 1 under Demilitarized Zone (DMZ) 
NIST SP 800-82 Rev. 2 under Demilitarized Zone (DMZ) (NIST SP 800-41
 
A network created by connecting two firewalls. Systems that are externally accessible but need some protections are usually located on DMZ networks. 

See NISTIR 7711 under Demilitarized Zone for more information.