The Demilitarized Zone (DMZ) is sometimes referred to as a “perimeter network”, its primary purpose is to add an additional layer of security for the organization’s LAN (Local Area Network). The DMZ is run as a small, isolated network that is placed between the internet and the private, or trusted, network, into which Internet facing services can be placed such as Secure File Exchange services, web servers, and other Internet accessible systems. A compromise of these Internet facing systems, maintains the protection of the internal trusted network, and also allows the organization and security professionals time to detect and address breaches before they further penetrate the internal trusted network.
Does an SMB need a DMZ?
Most SMB’s can do without a DMZ. If you are an Accounting firm and you need to exchange critical and sensitive files with your clients, it’s suggested that you use a secure 3rd party file exchange service such as “Sharefile” instead of building your own and placing it in a DMZ. The same would go for your Web Site which should be hosted by a service provider outside of your companies DMZ and LAN.
Source: Demilitarized Zone in Computing