Qantas first has to strike a fine balance between curbing the threat from devices such as mobile phones and wireless PDAs and ensuring business partners are given secure and flexible access to its network.
The airline's senior information security architect Shane Tully said it was investigating a model called "de-perimeterisation" where security isn't confined to predetermined parameters. The concept is being pushed by security user group the Jericho Forum, founded by a group of European chief information security officers.
De-perimeterisation has already been adopted in the banking sector, driven largely by the advent of Internet banking and customer demand to access information.
To de-perimeterise the network, Qantas is looking at changing how it authorises users and devices connected to its systems. "We need to work on hardening [security of] the device layer and the data layer," Tully told ZDNet Australia in an interview.
This could take the form of a "virtual body search," Tully said. In this scenario, external devices attempting to connect to Qantas' network would be scanned to ensure they complied with the airline's required virus updates, firewalls and other measures before being allowed to log in.
In the client-server world, a legitimate user ID and password would guarantee access even if the device was fraught with vulnerabilities.
"A hardened perimeter strategy is unsustainable," Tully said, arguing the traditional "default deny" setting of firewalls was too restrictive. The downside for Qantas in this situation was that it couldn't be as competitive or as quick to react to market changes as other players.
Today, external parties -- including subsidiary discount carrier Jetstar, joint venture the Australian Air Express, outsourcing providers and loyalty program partners for the oneworld alliance -- can access selected information on Qantas' systems. In future, this list is set to expand.
Apart from more customers and suppliers requiring access to its networks, Tully expects a different approach will be required to manage the convergence of voice and data. "For instance, Internet telephony largely ignores perimeter controls ... the perimeter firewall doesn't provide much protection anymore," he said.
However, he stressed that protecting the perimeter still had a key role to play when guarding against threats such as denial of service attacks, IP spoofing and random traffic.