You've ordered a new firewall, and you want to get it running on your network ASAP. Your first reaction is probably to put every client and server behind it. That's fine for a small company, but a larger company should consider creating a perimeter security network called a demilitarized zone (DMZ) that separates the internal network from the outside world.
DMZs are the best place for your public information. That way customers, potential customers, and outsiders can obtain the information that they need about your company without accessing the internal network. Your confidential and proprietary company information should be stored behind your DMZ on your internal network. Servers on the DMZ shouldn't contain sensitive trade secrets, source code, or proprietary information. A breach of your DMZ servers should at worst create an annoyance in the form of downtime while you recover from the security breach.
The link for this article located at ZDNet is no longer available.
