출처:
https://velog.io/@ko1586/Firewall-DMZ-%EB%AD%94%EB%8D%B0
https://velog.io/@yjin/FirewallDMZVPC
https://velog.io/@ko1586/Firewall-DMZ-%EB%AD%94%EB%8D%B0
(영문 해석)
In computer security, a DMZ Network (sometimes referred to as a “demilitarized zone”) functions as a subnetwork containing an organization's exposed, outward-facing services. It acts as the exposed point to an untrusted networks, commonly the Internet.
The goal of a DMZ is to add an extra layer of security to an organization's local area network. A protected and monitored network node that faces outside the internal network can access what is exposed in the DMZ, while the rest of the organization's network is safe behind a firewall.
When implemented properly, a DMZ Network gives organizations extra protection in detecting and mitigating security breaches before they reach the internal network, where valuable assets are stored.
Imagine a public cloud as a crowded restaurant, and a virtual private cloud as a reserved table in that crowded restaurant. Even though the restaurant is full of people, a table with a "Reserved" sign on it can only be accessed by the party who made the reservation. Similarly, a public cloud is crowded with various cloud customers accessing computing resources – but a VPC reserves some of those resources for use by only one customer.
Source:
https://en.wikipedia.org/wiki/DMZ_(computing)
https://www.cloudflare.com/learning/cloud/what-is-a-virtual-private-cloud/
https://www.barracuda.com/glossary/dmz-network