Answer Description

Wikipedia

In network security a screened subnet refers to the use of one or more logical screening routers as a firewall to define three separate subnets: an external router (sometimes called an access router), that separates the external network from a perimeter network, and an internal router (sometimes called a choke router) that separates the perimeter network from the internal network. The perimeter network, also called a border network or demilitarized zone (DMZ), is intended for hosting servers (sometimes called bastion hosts) that are accessible from or have access to both the internal and external networks. The purpose of a screened subnet or DMZ is to establish a network with heightened security that is situated between an external and presumed hostile network, such as the Internet or an extranet, and an internal network. A screened subnet is an essential concept for e-commerce or any entity that has a presence in the World Wide Web or is using electronic payment systems or other network services because of the prevalence of hackers, advanced persistent threats, computer worms, botnets, and other threats to networked information systems.