What is the purpose of a demilitarized zone (DMZ) in network security?

The purpose of a demilitarized zone (DMZ) in network security is to segregate web-facing server traffic from the internal network. By placing internet-facing servers, such as web servers and email servers, in the DMZ, organizations create an additional layer of security that helps protect the internal network from potential threats.

The DMZ serves as a buffer zone, allowing external users to access specific services without granting them direct access to the internal network. This architecture minimizes the risk of external attacks compromising sensitive internal resources. In essence, the DMZ allows for controlled access and provides a defense layer, making it much harder for attackers to gain footholds within the internal network.

Other options, while they represent different network security functions, do not accurately describe the DMZ's role. Enhanced encryption for internal data relates more to securing data in transit, while having a backup server is concerned with data redundancy rather than traffic segregation. Blocking all incoming traffic from the internet indicates a more restrictive approach than what a DMZ typically supports; a DMZ allows specific types of traffic while securing the internal network from unwanted access.