Is it necessary to have DMZ machine or zone on a network?
What reasons are there for having a DMZ machine or zone?
If the DMZ zone cannot communicate with the normal network at a site, why have it?
Nope. If you are not providing any public services on your network and your network is small enough that the same firewall policies apply to all machines, then you really don't need a DMZ.
If you have a complex network and need to set up some publicly facing services that you don't entirely trust not to be abused by the evil-doers on the Internet, then you probably need to set up a DMZ of some sort.
In more complex networks, firewall policies must be set up in layers. Between each layer you usually have some kind of barrier, like a firewall, that limits which computers can communicate together.
Keep in mind that most DMZs are set up so internal hosts can make connections to the DMZ, but the DMZ cannot make connections to internal hosts. From the perspective of the internal hosts, the DMZ computers usually appear the same way as if you had connected from the Internet, but this isn't always true; the exact policies depend on the specific service and network.
Let's say you were running a hospital. You would probably keep all your patient records on a highly secure network. Let's say you also wanted to support some kind of web-based support forum where people could talk to each other. You would almost certainly want there to be no link between the raw patient files and the public forum.
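The policy described in the answer above, modelled as an added example that is not part of the original answer: it shows that "the DMZ cannot make connections to internal hosts" restricts who may open a connection, while replies to connections opened from the internal side still pass. The zone names, ports and hospital flows are constructed for illustration.

```python
"""Default-deny zone policy with connection tracking (constructed example)."""

# (source zone, destination zone) -> ports that zone may OPEN connections to.
# None means any port. A pair that is not listed is denied.
# Zone names and ports are assumptions made for this example.
POLICY = {
    ("internal", "dmz"): None,          # staff reach the forum server
    ("internal", "internet"): None,
    ("internet", "dmz"): {80, 443},     # only the published web service
}


class ZoneFirewall:
    def __init__(self, policy):
        self.policy = policy
        self.established = set()        # connections that were allowed to open

    def initiate(self, src, dst, port):
        """May a host in zone src open a new connection to dst:port?"""
        if (src, dst) not in self.policy:
            return False                # e.g. dmz -> internal: no rule, so denied
        ports = self.policy[(src, dst)]
        allowed = ports is None or port in ports
        if allowed:
            self.established.add((src, dst, port))
        return allowed

    def reply(self, src, dst, port):
        """Return traffic passes only for a connection dst opened to src:port."""
        return (dst, src, port) in self.established


def hospital_scenario():
    """Constructed flows for the hospital example; returns name -> verdict."""
    fw = ZoneFirewall(POLICY)
    return {
        "internet opens forum 443": fw.initiate("internet", "dmz", 443),
        "internet opens forum ssh 22": fw.initiate("internet", "dmz", 22),
        "internet opens records db": fw.initiate("internet", "internal", 5432),
        "staff opens forum 443": fw.initiate("internal", "dmz", 443),
        "forum replies to staff": fw.reply("dmz", "internal", 443),
        "forum opens records db": fw.initiate("dmz", "internal", 5432),
        "forum 'replies' with no session": fw.reply("dmz", "internal", 5432),
    }


if __name__ == "__main__":
    for name, ok in hospital_scenario().items():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {name}")
```

A compromised forum server in this model can answer staff who connected to it, but has no path of its own to the patient-records network.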