I know that a DMZ should contain servers that act as a middle point between the trusted area, like the LAN, and the other semi-trusted or untrusted areas, like the internet or another DMZ.
Based on this, our team has started designing these areas in my company's network. Also, we are a mobile operator company.
In the DMZ we will install the DNS, HTTP and SMTP servers. Now a normal user can use the web server to access our website whether he is from a trusted or an untrusted area. But at the same time, some services on our website need to be accessed from the core network of the mobile. We are worried about the security here. Should we put the mobile servers on another DMZ or not?
We thought about not putting them in the DMZ, but we will configure the DNS to forward all of the requests for these services to the required servers among the mobile core servers. We will set these servers up as subdomains of our main domain, which is located on the web server in the DMZ.
Now when the user types, for example, domain1.com, it will go to the main web server. There is a link there which will require us to move to the mobile core servers, which is mobile.domain1.com.
Can this be achieved without putting the mobile network into a DMZ?
I attached a photo to describe our idea more clearly, and I want your suggestions on this issue.
Thank you.