In computer networking, a DMZ is a firewall configuration for securing local area networks (LANs). In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet. One or more computers also run outside the firewall, in the DMZ. Those outside computers intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall.

Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network, as proxy servers do. (In fact, many DMZ implementations simply use one or more proxy servers as the computers within the DMZ.) The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests.

DMZ is a commonly touted feature of home broadband routers. In most instances, however, these features are not true DMZs. Broadband routers often implement a DMZ simply through additional firewall rules, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall.
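
The two designs described above can be compared with a small stateful packet filter that models the LAN firewall. This Python code is an added example, not part of the original page; the addresses, ports, zone names and the `LanFirewall` class are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (an assumption for this example, not from the page).
ZONES = {"lan": ipaddress.ip_network("192.168.1.0/24"),
         "dmz": ipaddress.ip_network("192.168.100.0/24")}

def zone_of(ip):
    """Map an address to its zone; anything outside LAN and DMZ is the Internet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

# Zone pairs allowed to open NEW connections across the LAN firewall.
TRUE_DMZ = {("lan", "dmz")}                              # only LAN -> DMZ
ROUTER_DMZ_HOST = {("lan", "dmz"), ("internet", "lan")}  # extra forwarding rule

class LanFirewall:
    def __init__(self, allow_new):
        self.allow_new = allow_new
        self.tracked = set()  # connections opened by a permitted initiator

    def handle(self, src, sport, dst, dport):
        """Replies on tracked connections pass; new connections need a rule."""
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow in self.tracked or reverse in self.tracked:
            return "accept"
        if (zone_of(src), zone_of(dst)) in self.allow_new:
            self.tracked.add(flow)
            return "accept"
        return "drop"

# Constructed sample traffic: (src, sport, dst, dport)
PACKETS = [
    ("192.168.1.10", 50000, "192.168.100.5", 3128),   # LAN client -> DMZ proxy
    ("192.168.100.5", 3128, "192.168.1.10", 50000),   # proxy's reply to the client
    ("192.168.100.5", 40000, "192.168.1.20", 8080),   # DMZ host initiates to LAN
    ("203.0.113.7", 55555, "192.168.1.20", 80),       # Internet initiates to LAN
]

def evaluate(allow_new):
    """Run the sample traffic through a fresh firewall and list the decisions."""
    fw = LanFirewall(allow_new)
    return [fw.handle(*p) for p in PACKETS]

if __name__ == "__main__":
    print("true DMZ:       ", evaluate(TRUE_DMZ))
    print("router DMZ host:", evaluate(ROUTER_DMZ_HOST))
```

Under both policies the DMZ host can answer a connection the LAN opened but cannot open one itself; only the router-style rule set lets the Internet-initiated packet through to a LAN address.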