A DMZ is a part of a network that separates the internet from your home or office network.
Why would I want to have a DMZ?
A DMZ is meant to enhance security for networks that sit behind a computer that is serving services to the internet. (public servers)
Think of it like this – you own a house and there are 5 entrances into the entryway (yes this gets a little weird, bear with me) Now from the entryway, there is only one entrance into the main house.
In this example, the outside is the internet, the inside is your network, and the entryway is the DMZ. As you probably guessed, it is much easier to secure one door going into the house than it is the 5 going into the entryway.
To continue, we need to have a grasp on what a port is. A port on a computer (or server, which is just a type of computer) is just an entryway, like a door. That door may lead to a website for example. The door could also lead to another service that the server offers. So, if the ports are the doors, we need to make sure that only the doors that we want people coming into are unlocked.
The doors (ports) into the webserver in this example need to stay open so the public can access the website, however the port into the inside network where your computer resides should be shut to keep bad people out.
So just remember, internet, DMZ, internal network. If you don’t have a computer that is serving any services, you probably don’t have use for a DMZ at this point. (there are exceptions to this, services like Intrusion Detection Systems can reside in a DMZ, but that is an article for another day)