DMZ = Demilitarized Zone.
It is pretty much a meaningless techno-babble term.
Modern meaningful terminology calls it a Perimeter Network. This kind of network is more openly exposed to the Internet than the regular LAN, yet it still has some limitations in its exposure. The regular LAN considers this network to be a little more trusted than the Internet, but overall it is still untrusted. It may use a routed relationship to the Internal network or it may be NATed. NATed is considered slightly more secure, but either is acceptable.
In the context of ISA Server and TMG, all networks are Perimeter Networks; all networks are untrusted. No network, not even the regular Internal LAN, has full access to the ISA box itself "by default". ISA hates everybody, if you want to call it that.
Once ISA is installed the only things allowed (besides the System Policies ISA needs to be able to function) have to be specifically defined with Rules.
The exception to that is SBS2003, where ISA is left allowing everybody to do whatever they want, run around naked, you name it, until you modify it to pull things back to being sensible. But that is not ISA's fault; it is the SBS Installation Wizards that do that.