Paving the Path To The Elimination Of the Traditional DMZ

Date of Publication: August 2015

A demilitarized zone, or DMZ, is any kind of screened sub-network placed between an internal network (i.e., a corporate network) and the Internet. The screening of the subnets is generally achieved by implementing a dual firewall architecture, which typically includes security elements such as bastion hosts, choke routers, reverse proxies, and commercial firewalls. The purpose of the firewalls in such an architecture is to provide controlled access to and from the DMZ, both from the Internet and from the corporate or trusted network.

When deploying a DMZ architecture, CIOs, CSOs, and network administrators face three main challenges:

1. Ensuring the Security of Application and Data Located in the DMZ

2. Preventing Hacking into the Internal Network from the DMZ

3. Operational & Capital Costs

Safe-T's patent-pending approach for securing the network from the outside removes the need to open any ports within the internal firewall, providing unmatched protection for enterprise data networks from the Internet and other public networks.

In conclusion, it is clear that the role and architecture of the traditional DMZ have to be evaluated by all organizations’ IT and security teams. The evaluation must verify which data is stored within the DMZ and whether it can be relocated into the internal network or a sub-subnet of the DMZ.