What is the difference between a DMZ and Zone?

Calling all security pros:  What are the requirements that make a DMZ a DMZ?  If I stand up a server in a segmented network exposed to untrusted with only the ports open that are absolutely necessary? How is that any different than opening ports in the firewall to an internal server other than segmenting the server from other servers?

I know what a DMZ is but don't quite understand what are the different pieces that make a complete DMZ solution or DMZ best practices?  Isolate from internal systems by doing more than just putting the server on it's own subnet?  Is there specific firewall requirements that make it a 'DMZ' ? How is a DMZ different from an application zone?

Thanks in advance!!
Who is Participating?
By putting something in a DMZ you're not just protecting that server; you're also protecting your internal network. If someone does manage to gain access to the outside-facing server and it's in a LAN with other stuff, that server will have full access to the other stuff. By isolating it you limit that access only to what's allowed.

It is basically just isolating it, whether with a firewall or just using an access list.
Dave HoweSoftware and Hardware EngineerCommented:
DMZ is a term borrowed from military practice - it is a network that has some protection from the internet, but which you don't actually trust enough to give access to the local network - so it acts as a semi-trusted area to store things like webservers, so if the webserver is compromised, they must still get past a firewall to get to your actual network. In the Cisco world, it used to be that the lan had a trust value of "100" and the internet a trust value of "0" - the DMZ had (sensibly enough) a trust value of "50" so was less trusted than the lan, but more trusted than the internet.

Zone based firewalling is an extension of the same idea, but instead of having just three zones, you have have many, and define exactly how the traffic between each zone is controlled on a zone-pair basis.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.