In computer security, a demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a usually larger and untrusted network, such as the Internet. A DMZ serves to add an additional layer of security to an organization's internal network. For example, an external network device can access only what is exposed in the DMZ, while the rest of the organization's internal network is firewalled.