A DMZ (Demilitarized Zone) is a part of a network that is somewhat protected, and allowed to be accessed externally and internally. However, it is also separated from the internal network, allowing a more secure environment internally.
In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled. The DMZ functions as a small, isolated network positioned between the Internet and the private network.This is not to be confused with a DMZ host, a feature present in some home routers which frequently differs greatly from an ordinary DMZ.
The name is from the term demilitarized zone, an area between states in which military operations are not permitted.