In
computer security, a
DMZ or
demilitarized zone (sometimes referred to as a
perimeter network) is a physical or logical
subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's
local area network (LAN); an external
network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "
demilitarized zone", an area between nation states in which military operation is not permitted.