Demilitarized Zone (DMZ) is an area between two networks, that is accessible from both networks. This is generally where public servers are located. VLANs and Subnets can provide a similar function within a network, but not between two separate networks.
In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled. The DMZ functions as a small, isolated network positioned between the Internet and the private network.This is not to be confused with a DMZ host, a feature present in some home routers which frequently differs greatly from an ordinary DMZ.
The name is from the term demilitarized zone, an area between states in which military operations are not permitted.