What is a DMZ? (Demilitarized Zone)

What is a DMZ? (Demilitarized Zone)


What is a DMZ? DMZ stands for a demilitarized Zone, so that’s what we’re going to talk about in this video now a DMZ is used to improve the security of an organization’s network by segregating devices such as Computers and servers on the opposite sides of a firewall, so it’s sort of like creating two separate networks So the question is why would you want to do this? And how does a DMZ accomplish this? So let’s do an example here So here we have a network that belongs to a company and this company has computers and servers That are behind a firewall and in this company we have servers that need to be Accessed by people from the internet so that the company can stay in business so for example These servers could be a web server and an email server now because these servers are behind the company’s firewall They are inside the company’s private network so that would mean that this company is letting in people from an Untrusted Network such as the Internet be given access Behind the company’s firewall and into the company’s private network where the servers are But this could cause a security concern because as people are accessing these servers Hackers could use this as an opening to cause havoc on the company’s network Because remember they already got past the firewall because the servers are behind the firewall So now hackers can try and access other sensitive data from other devices that are behind the firewall Such as a database server where sensitive data is kept or they may even try and plant a virus So this is a security concern. But what if the company put to public access to web and email servers outside the company’s internal network and put them on a opposite side of the firewall? Now the servers would still be in the same building But they would be on the other side of the firewall So now when people access these servers from the internet They are not going to be accessing them behind the company’s internal firewall Where the company’s sensitive data is kept these servers are now out in front facing the internet and fully exposed So this is exactly what a DMZ is So these servers are now in a DMZ which is also known as a Perimeter Network and this perimeter network can also act like a screened network to detect any malicious Activity before it can get behind the firewall and into the company’s internal network so a DMZ Divides a network into two parts by taking devices from inside the firewall and then putting them outside the firewall Now this DMZ setup only uses one firewall but a more secure DMZ will use two firewalls an Extra firewall will be added and then put in front of a DMZ this second firewall adds an extra layer of protection to make sure that only legitimate traffic can access the DMZ and it also makes it a lot harder for hackers to penetrate into the company’s Internal network because they would have to go through two different firewalls if they want to try and access the company’s internal network Now there’s also a DMZ that you can configure in your home And this is done by using a typical home router Now those of you who have configured a home router may have seen a section in the Advanced Settings of the routers configuration page that talks about setting up a DMZ so for example Here are the DMZ setup pages from a Linksys and a Netgear home router Now this type of setup is not really a true DMZ, this is just setting up a DMZ host Setting up a DMZ in your home router Designate a device as a DMZ host and will forward all the ports to that device So for example a common use of a DMZ in your home is to put a gaming console such as an Xbox or Playstation and configuring it as a DMZ host and this is done because a lot of these gaming consoles are often used for online gaming and Gamers don’t want any interference That could happen from a firewall so they don’t want to have to mess with any kind of port forwarding configuration which can sometimes be a hassle so they can just go into the DMZ settings in the router and put in the gaming consoles IP address as the DMZ and It’s also important to note that the device in the DMZ should be configured with a static IP Rather than a dynamic IP So in this set up the home router serves as the firewall and these computers here are safe behind the routers firewall but the gaming console is on the opposite side of the routers firewall and placed in the DMZ and fully exposed to the Internet so in conclusion That’s what DMZ means a demilitarized zone in the real world It’s an area where the military is forbidden or in the computing world It’s where firewall protection is forbidden

100 thoughts on “What is a DMZ? (Demilitarized Zone)

  1. I teach IT at the high school level. Your videos are one of my greatest resources. Our students take the CompTIA IT Fundamentals exam their first year and the Microsoft Networking Fundamentals their second year. I can not thank you enough for your help.

  2. Very useful, couldn't find this information especially the home router part until today.

  3. PowerCert will you please reply to the comment of jason topaco, because base on what he said is 75% of the video is incorect. thanks

  4. Great video helped me a lot. do you animate your videos by your own or is there a software to create presentations like this?

  5. Nice video, thanks for respecting our time by making it short.

  6. Thank you you make learning very easy.

  7. Thanks for the upload, very informative. My router has a DMZ section and it only needs the IP of the device. In using this device(in my case ps4) will it slow anything down? Not so much gaming,everyday use of the internet.

  8. I was wondering if you could use a raspberry pi maybe with an ad blocker as a DMZ?

  9. Great Explanation……

  10. Such a good explication, in the book is so much beating around the bush that the bat got green in color. THANK YOU! subscribed! Will use DMZ for faster connection on my PS3

  11. Very good. Thanks

  12. nice 🙂

  13. no ponga titulos en español si el video no esta en español.

  14. Great explanation. Thx a lot!

  15. Most clear explanation of a DMZ I've ever heard, thank you very much!

  16. Where have you been all my career?

  17. Your cable provider usually includes a WiFi router. Turn off WiFi on the provider's router and enable it on your own router on the inside of the network. The area between the two routers will be your DMZ because each router has a firewall. Consider using 192.168.0.0 in the DMZ and 192.168.x.0 inside your network. That's two private firewalls that would have to be breached and we know the Internet will not pass private IPs, only public ones. Something to think about.

  18. Very nice video thankyou

  19. So using 2 routers / firewalls the zone between the routers is a DMZ.

  20. Such a nice explanation.

  21. Great video and great explanations!! Thank You!

  22. This video reminded me of Fortnite and I don’t even play that stupid game

  23. Very clear explanation of what DMZ is. Thank you for this you are awesome!

  24. Why can't the firewall of company's private network block malwares? If it can't block malwares what is the need of it? Thanks!!

  25. THANK YOU!

  26. A very good explanation! What i dont understand is what you mean by "inside" and "outside" the firewall. Most network firewalls have multiple legs/interfaces you can configure into security zones of different levels, so that you can create a zone for the dmz in your terms "inside" the firewall, without it being on the same zone or even subnet as the rest of your lan. If you are setting up a dmz with your topologi using only one firewall you will not have any control of the network activity on your dmz, as you have your dmz "outside" the firewall. I belive that the dmz should have some sort of security. Not trying to be a smarty, just trying to educate myself and others. I think your videos are really good!

  27. Networking will fade away.

  28. I wasted 6 minutes learning something I already knew.. Now that's dedication.

  29. I was actually taught to use two routers. The first router is the frontline firewall. This router (port 1) is connected to the WAN input of the second router. (disable wireless feature if it has it) Then a computer is connected to (port 2) of that router, set to always on and with random files that look like they mean something, if possible include malware. 🙂 This computer is called a "honey pot" and should be set on the first router as the DMZ host…Then router #2 is the one that supports your home network via LAN cables and or secure wireless.
    Now they have to fight to get past the first firewall and if they do they find the honey pot which is a deterrent from any additional searching. If they do, then they have to get through a second firewall to get to the internal network. Make sure all the firmware on the routers have the latest updates.

  30. i know exactly what your voice looks like without ever having seen you in my life…

  31. I was wondering when you were going to add the second firewall in front of the web and email servers. Then bam you put it in, good job and a great video for those just starting out in networking. Thumbs up.

  32. Could this be helpful somehow against ddos

  33. I had a different DMZ in mind… but the video is GREAT! Keep up the good work!

  34. What Amazing explenation it was. thank you my Friend you really nailed it.

  35. good work

  36. DMZ in the real world: no more weapons
    DMZ in the computing world: no more firewalls
    Great video thank you

  37. Very clear and easy to understand. Thank you! Also really enjoyed the animation on the router at about 3:50.

  38. can anyone help? i accedntly enabled dmz and now i can accses my modem settings anyone know how to fix it?

  39. Similar concepts, firewalls and VLAN.

  40. Time to put out my Wii to tank some of that computer AIDS.

  41. Hatsoff for the great explanation

  42. Thanks!

  43. DMZ is software or hardware?

  44. firewalls are just a joke for a hacker if you compromise an employee computer

  45. Superb explanation!

  46. best explanation about dmz online!!!!

  47. You know what would make this video even greater? If it was narrated by Marc Alaimo. Amirite? 😀

  48. North Korea Used It

  49. Run this at 1.5 speed and get it over and done with. Rather slow basic networking knowledge

  50. What if we only use one single firewall. Then what's the point of exposing my email and web servers just to save database server which is behind firewall. Hackers could easily cause havoc on my email and web server easily. There is no point of doing dmz then. It's like leaving my door open to let robber steal my TV, couch etc but I have my jewelery locked up in safe. But u can take my TV and couch no problem.

  51. well explaines, thanks

  52. Thanks for the share.

  53. I highly recommed this outstanding video to everyone who is familiar with networks, since i bet that 99% of them including me won't know the DMZ term in router 😁

  54. Just great – many thanks once again!

  55. So basically if you want a device to have a faster internet connection without having sensitive data ,it should be a dmz host then ? At least one of solutions,right?

  56. I have an an IQ of 74 but that doesn't stop me from learning.

  57. Will I find Trump and Kim Jong there?

  58. It's really helpful thanks

  59. DUDE, your videos are so easy to understand.

  60. Your vids are the absolute best on the subject matter you cover. Concise, well presented and very useful in helping me understand these concepts and topics. Thank you!!!

  61. Dmz is not a space before firewall

  62. Is it wise to put a gaming console in the dmz?

  63. DM ZED

  64. This video is kinda bad, yes the explanation on what a dmz does is greate, but what its used for is scarry. You NEVER Want to use dmz for servers or consoles!
    For servers you use VLan togetter with a profile, aka open port 80 on firewall for this profile, and setup the switch and router with the vlan to your server and untop of that add the vlan.

    What is DMZ used for?
    1 very specific thing, setting up a network in your network.
    So if my parents have a router, and in my room i want my own network, i buy a router and hook it up to my parents router, now on my perends router configure DMZ for your router.
    Basically turning your parents into your isp

  65. Cool

  66. making all my questions from years now ANSWERED! Huge gratitude!

  67. Another way to visualize a DMZ is to think about a fast food restaurant. The DMZ is the area where customers can come and order food, but they do not have access to the back rooms where management sits. The first firewall to access the DMZ would be the door to get into the restaurant and the second firewall would be the door to get to the area where the management sits.

  68. North-South Korea?

  69. This videos zipped hundreads hours of study. Thank you.

  70. that's not dmg it's dm(z).

  71. Great video! Simple and accurate explanation!

  72. DMZ never worked for me… 🙁 or port forwarding im behind NAT!!!

  73. super clear and easy to understand. thank you!

  74. Can you please make a video on Mac filtering .

  75. Hell nah will I throw my gaming console out as first line of attack, how dare you speak such nonsense 😂 hahaha kidding love my PS4

  76. 😃

  77. Fantastic Visualization. You have shown the concepts visually. Thanks a ton. Please make more vids. Great you are helping the community.

  78. Please make video on difference between Public IP and Private IP

  79. Very nicely explained

  80. Jam Master Jay
    Run D-M-Z

  81. Why would a gaming server be placed in a dmz?

  82. I has 2 camera and 1 computer and modem wifi (router) in my house web, it would be a very bad Idea to setup a DMZ :v

  83. I'm pretty sure DMZ is a border between south korea and north korea

  84. Thank you for simplifying what others make a pain in the ass explaining! you now have another new sub! keep up the good work!

  85. Awesome video. Just to be clear I understand, the Firewall is always on the inside zone of your Router?

  86. SUPER FANTASTIC explanation! In term even I can understand! Thank you so much for taking the time to make this video!

  87. Question? When someone says the server sits inside the DMZ, does that mean that there is a second firewall in front of that server, or does it mean that server is behind the first firewall and inside the network?

  88. In your example with placing the gaming console in the DMZ, the gaming console is exposed to the internet so potentially the gaming console could be hacked, right? I am not sure what useful information a hacker could get from a gaming console. Perhaps credit card information that is stored in the gaming console?

  89. Ya need donation ?

  90. amazing video , keep it up

  91. Great, informative, easy to understand tutorial video, 5 stars for you sir..⭐⭐⭐⭐⭐

  92. Can you please do a detailed video on active directory please

  93. Is actually understandable. nice!

  94. Fantastic video. 10 out of 10. If only all videos were this clear. I have now subscribed to your channel, keen to see more of what you have to offer.

  95. Very well explained 👍

  96. YES! Thank you for putting it into a better perspective for me. Some descriptions I've read helped.. but it wasn't fully grasped. This video definitely helps!
    I do have a question, though.

    I have never configured a DMZ myself at home, like in the last section of the video. I have used my PS4 plenty of times online with no issues. What difference does setting it as a DMZ device actually make? Maybe if I had real life comparisons I could better understand.
    Thank you

  97. Thats an amazing explanation, thank you so much!

  98. what a great and clear explanation thanks a lot

  99. The best IT videos ever

  100. can someone tell me if a server for example 192.168.1.10 in dmz will it detect internet visit source ip as router ip 192.168.1.1 or original internet ip address as source ip?

Leave a Reply

Your email address will not be published. Required fields are marked *