DMZ – Demilitarized Zone

A DMZ is an area in a computer network that’s somewhat unprotected from security attacks because it is intentionally made available to computers outside of its internal, protected network.

Web servers (computers that host web sites on the internet) are generally the only computers in the DMZ.  These computers are put in the DMZ primarily for 2 reasons:

  1. To be accessible to the public at large.
  2. To be separated from the more protected computers on the company’s network.

One technical issue that comes up with this arrangement is that web servers almost always need to talk to computers inside the corporate firewall, such as database servers.  To accommodate this, a “hole” is opened through the corporate firewall to allow very specific and narrow traffic to make its way between the web server and the database server(s).
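As an added illustration (not part of the original page), the sketch below audits a list of firewall allow rules and reports any DMZ-to-internal "hole" that is wider than one web server talking to one database server on one port. The address ranges, rule names, and rule tuple format are constructed for the example and do not correspond to any particular firewall product.

```python
import ipaddress

# Constructed address plan (assumption, not from the page).
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed allow rules: (name, source, destination, protocol, dest port).
RULES = [
    ("web1-to-db1", "192.0.2.10/32", "10.20.0.5/32", "tcp", "5432"),
    ("dmz-to-lan", "192.0.2.0/24", "10.0.0.0/8", "any", "any"),
    ("web1-to-db-subnet", "192.0.2.10/32", "10.20.0.0/24", "tcp", "5432"),
    ("web1-port-range", "192.0.2.10/32", "10.20.0.5/32", "tcp", "1024-65535"),
    ("lan-to-web1-ssh", "10.9.0.0/24", "192.0.2.10/32", "tcp", "22"),
]

def audit_rule(rule):
    """Return findings for a DMZ->internal rule, or None if it is not one."""
    name, src, dst, proto, port = rule
    src_net = ipaddress.ip_network(src)
    dst_net = ipaddress.ip_network(dst)
    # Only rules that let DMZ hosts reach internal hosts count as "holes".
    if not (src_net.overlaps(DMZ) and dst_net.overlaps(INTERNAL)):
        return None
    findings = []
    if src_net.num_addresses > 1:
        findings.append("source is a range, not one web server")
    if dst_net.num_addresses > 1:
        findings.append("destination is a range, not one database server")
    if proto == "any":
        findings.append("protocol is not restricted")
    if not port.isdigit():
        findings.append("destination port is not a single port")
    return findings

def audit(rules):
    """Map each DMZ->internal rule name to its findings (empty list = narrow)."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings is not None:
            report[rule[0]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```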
