
Demilitarized Zone

Classification Key: Perimeter Security, Tampering


Internet technology systems are regularly subject to attacks against their functionality, resources and information. Using a firewall to protect the system from malicious traffic does not work if the firewall is not configured correctly. How can we protect the systems from direct attacks?


Provide a region of the system that is separate from both internal and external users and from the internal data and functionality, commonly known as the demilitarized zone (DMZ). Restrict access to the region from outside by limiting network traffic flow to certain physical servers. Use the same technique to restrict access from servers in the DMZ to the internal systems.
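
The two restrictions above can be checked mechanically against a firewall's allow list, which addresses the misconfiguration concern raised in the problem statement. The following is an added example, not part of the original pattern entry; the zone addresses, the server lists and the `audit`, `zones` and `pinned` helpers are assumptions, and a default-deny firewall is assumed.

```python
import ipaddress as ip

# Constructed topology: addresses and service lists are assumptions for this example.
DMZ = ip.ip_network("192.0.2.0/24")
INTERNAL = ip.ip_network("10.0.0.0/8")
DMZ_SERVERS = {("192.0.2.10", 443), ("192.0.2.25", 25)}   # reachable from outside
INTERNAL_SERVERS = {("10.1.1.5", 5432)}                    # reachable from the DMZ

def zones(cidr):
    """Return every zone that a CIDR block touches."""
    net = ip.ip_network(cidr)
    touched = {name for name, z in (("dmz", DMZ), ("internal", INTERNAL)) if net.overlaps(z)}
    if not (net.subnet_of(DMZ) or net.subnet_of(INTERNAL)):
        touched.add("external")  # block also covers addresses outside both zones
    return touched

def pinned(dst, port, servers):
    """True only if dst is a single host listed with this port."""
    net = ip.ip_network(dst)
    return net.num_addresses == 1 and (str(net.network_address), port) in servers

def audit(rules):
    """Check allow rules (src_cidr, dst_cidr, dst_port) against the DMZ pattern.
    Assumes a default-deny firewall, so only listed rules pass traffic."""
    findings = []
    for src, dst, port in rules:
        s, d = zones(src), zones(dst)
        if "external" in s and "internal" in d:
            findings.append((src, dst, port, "external reaches internal directly"))
        elif "external" in s and "dmz" in d and not pinned(dst, port, DMZ_SERVERS):
            findings.append((src, dst, port, "DMZ exposure not limited to a listed server"))
        elif "dmz" in s and "internal" in d and not pinned(dst, port, INTERNAL_SERVERS):
            findings.append((src, dst, port, "DMZ-to-internal not limited to a listed server"))
    return findings

# Constructed sample rule set: the last three rules are misconfigurations.
SAMPLE_RULES = [
    ("0.0.0.0/0", "192.0.2.10", 443),
    ("192.0.2.10", "10.1.1.5", 5432),
    ("0.0.0.0/0", "192.0.2.0/24", 22),
    ("192.0.2.0/24", "10.0.0.0/8", 22),
    ("203.0.113.7", "10.1.1.5", 5432),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

A broad source such as `0.0.0.0/0` is treated as touching every zone it overlaps, so an "any to internal server" rule is reported as bypassing the DMZ even when the destination is a listed server.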

Known Uses

DMZs provided by Sun, Cisco, Microsoft etc.

Related Patterns

Packet Filter Firewall


Wiley Book


Firewall, DMZ


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz