A portion of a network that separates an intranet from the Internet. It is a suitable location for non-sensitive hosts that need to be accessible to the external world, e.g. webservers. A DMZ may be suitable for dealing with external attacks, and may be used to apply complex policies governing internal users, but is of little use against internal attacks.