Argos, a household name, uses Xiscan to audit unauthorised modems

Forming part of the GUS group - a well known consumer shopping name - Argos is a catalogue retailer with a national branded high street presence operating through 460 stores nationwide; supported by 6 major distribution centres. A huge operation by any high-street shopping standards, turnover of this national organisation is currently in the region of £2 billion per annum. As well as its high street stores, Argos also includes e-commerce, interactive television and telesales amongst its retailing channels.

As with any other company, large or small, Argos has a requirement to offer its clients, the public, the highest quality of service possible - one aspect of this is a secure IT network system enabling a 'safe' trading environment. In order to help them to achieve just that, Argos used the Xiscan consultancy service to review and audit its modem security strategy.

Argos is a forward thinking company, both in terms of its business strategies and its approach to the IT systems that support them; especially when considering e-commerce is a major feature in their day-to-day operation. As such they sought a telephone scanning product to complement their comprehensive firewall protection - enabling them to monitor telephone access into the organisation from external sources. Our Xiscan product proved ideal for their requirements - easily configured to exactly meet the needs of individual clients.

Available as packaged software or as a managed consultancy service, Xiscan is written in Sun's Java 2 language. It identifies unauthorised modems, which can provide direct and unrestricted routes into corporate IT systems, and has been designed to rapidly scan large quantities of telephone numbers to quickly locate these entry points. Flexibility is important and the Argos scans were run over a few days, often in the early hours of the morning, to avoid disruption and to maintain discretion.

Xiscan is an invaluable security tool for companies that appreciate the very real threat unauthorised modems present. Many companies believe that firewalls provide sufficient external access protection. Our experience has shown that this is not the case. Firewalls form only one part of a company's defence and need to be complemented by products such as Xiscan to ensure an effective security policy is maintained. A network is only as secure as its weakest link.

Thorough analysis and preparation are key to effective telephone scanning. Prior to configuring Xiscan to perform voice and data scans, Argos' telephone infrastructure had to be analysed. A key step was completion of a Pre-Audit Site Survey to ensure all interested parties understood the scope of the scanning exercise. This provided a detailed framework for subsequent dialling schedules.

Xiscan has been welcomed by Argos and regarded as an effective method of raising security awareness. Its comprehensive reporting features include a management summary, telephone system survey description, detailed scan results and future recommendations. This information has allowed Argos to fully appreciate their telephone communication system and results have been fed directly into the security strategy of the company.

Within any organisation; especially those dealing with e-commerce activities, network security is paramount. Xiscan has given Argos an opportunity to raise security awareness across all levels of the organisation. The scanning operation has identified areas for improvement within Argos, which have been prioritised and are now being addressed. The Xiscan programme has underpinned the extensive security policy already being used within the organisation.

Whilst Argos considers it has benefited from the use of Xiscan and the skilled technical support provided, it does not endorse the product in terms of its technical content, robustness and compatibility.