De-Militarized Zone (DMZ) is a "sacrificial lamb" for hackers applied to protect internal system relating to hack attack (hack attack). DMZ works for all service base of network requiring access to network "external world" to part of network the other. That way, all " open port" is relating to external world will stay at network, so that if a hacker did attack and does crack at server using system DMZ, the hacker will only can access its(the host is only, not at internal network. In General DMZ is built based on three fruit of concept, that is: NAT (Network Address Translation), PAT (Port Addressable Translation), and Access List. NAT functions to show again coming packages "real address" to internal address. For example: if wes own "real address" 203.8.90.100, we can form a direct NAT automatically at data coming to 192.168.100.1 (an internal network address). Then PAT functions menunjukan data to coming at particular port, or range a port and protocol (TCP/UDP or other) and address IP to a particular port or range a port to an internal address of IP. While access list functions to control in precise what is coming and going out from network in a question. For example: we can refuse or enables all ICMP is coming to all address IP except for an undesirable ICMP.

Spitzner, Lance, 1999, A Passive Approach to Your Network Security, “The Secrets of Snoop” Intrusion Detection within a Secured Network, Secure System Administrating Research.

Marek,2000, Building Secure Network with DMZ’s.

Zuliansyah, Mochammad, 2002, Teknik Pemrograman Network Interface Card pada Protokol TCP/IP, ITB.