In many enterprise settings, mobile devices are connected through a WiFi network. The WiFi network in many cases may connect through a “guest” network which is hosted on a corporate DMZ, peripheral, network segment or a sub-segment of that network. A DMZ is a physical or logical sub-network that contains and exposes an organization's external-facing services to a larger and untrusted network. The untrusted network is often the internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN). An external attacker only has access to equipment in the DMZ, and not to any other part of the network.
In a computer network, the hosts most vulnerable to attack are those that provide services to users outside of the local area network, such as e-mail, web and Domain Name System (DNS) servers. Because of the increased potential of these hosts being compromised, they are placed into a specific sub-network in order to protect the rest of the network if an intruder were to succeed in attacking any of them. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, although communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external network, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients.