Besides protecting your incoming email, authenticating your users and authorizing access you will also worry about how to secure your servers. One of the ways of securing your servers is to build a moat around them, to make it difficult for entry or otherwise hinder access to your servers.

To do this you can build a Demilitarized Zone (DMZ) within your network. The first Demilitarized Zone created was the strip of land between North Korea and South Korea after the cease fire of July 17, 1953. 

In a computer environment, a DMZ is an area of your network that sits between your secured protected internal LAN and the unprotected unsecured internet.

Your DMZ will contain your servers such as web servers, FTP servers, mail servers and DNS servers. These servers will be protected by two firewalls. One firewall configured with lots of restrictions protects your internal network from the DMZ. On the other side of the DMZ, connecting to the internet, will sit a second firewall which protects your DMZ from the outside world.

It obviously makes no sense to put your web servers inside the firewall because then they’re open to attacks. And if you put them outside the firewall then you’re open to even more attacks. So by placing a firewall on both sides of your web, FTP, email and DNS servers you are providing a safe place for them to operate without exposure to attacks.

The idea is to place all of your publicly accessible services in an area where they can be more closely monitored. But at the same time keep them separate from your internal network where your company sensitive information exists such as company confidential documents and employee information.

Your firewall can be a computer hardware system or network resource that is running special software or packet-filtering software and may or may not be running as a proxy server.

Firewall hardware vendors include such large networking and communications companies as Cisco Systems, Inc to a venture-funded Isreali startup, Yoggie Security Systems who makes a tiny firewall device for Windows based laptops.