Ask the Expert

What are the risks of placing enterprise users in a DMZ?

When implementing a firewall, would you recommend placing enterprise users in a DMZ?

Requires Free Membership to View

No. DMZs are designed to serve as a neutral location (hence the name demilitarized zone) where public and private services meet. Traditional firewall implementations create three zones: an untrusted zone (typically the Internet, in the case of a border firewall), a trusted zone (the organization's intranet) and a DMZ used to host public services. They're commonly used to provide organizations with a layer of isolation that protects their intranet systems from public exposure.

Enterprise services that must be exposed to untrusted networks, such as Web servers and SMTP servers, should be placed in the DMZ. This arrangement ensures that, in the event of a compromise, internal users and systems have a firewall that protects them from an affected server. Placing enterprise users (who belong on the intranet) in the DMZ eliminates this layer of protection and puts them at risk to systems on the untrusted network.

More information:

  • A DMZ is necessary for PCI DSS compliance. Read about the regulation's other important control objectives.
  • Hear security professionals' recommendations on how to implement a DMZ.
  • This was first published in March 2007

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: