The U.S. men's professional soccer league has built a new VPN (virtual private network) and security architecture to help block would-be intruders from stealing proprietary information. MLS runs a multitier security architecture at its New York headquarters; in addition to firewalls, this system includes an antivirus appliance and a Web monitoring server to track and control content in and out of the organization. "Our firewall is set to kill almost anything inbound," says Joseph Dalessio, network administrator for MLS, which runs a VPN for most of the 12 pro soccer teams in the league. "And we have security at the gateway, server and desktop."
MLS is one of a growing number of organizations instituting content control, both incoming and outgoing, as a security strategy. Dalessio's IT department has set filters with SurfControl's SuperScout software to prohibit users at headquarters from surfing sites with objectionable content or downloading inappropriate data. SuperScout, which MLS recently configured to run on a Microsoft Windows NT server, is the league's second shot at content control.
Content filtering is not an exact science, and MLS experienced that firsthand with its former firewall-based filtering configuration using the WatchGuard Technologies Firebox II. MLS users initially were blocked from the CNN/Sports Illustrated site because the tool weeded out SI's infamous swimsuit edition as inappropriate content. "Obviously, blocking the cnnsi.com site is not good for our organization," Dalessio says. The SuperScout content-filtering server, however, allows more detailed filtering, so it's less likely to block MLS users from sports sites, for instance.
The antivirus piece is Network Associates' WebShield e50, which scans for viruses and other malicious code entering MLS' SMTP server. The e50 was christened during the Anna Kournikova virus outbreak earlier this year. Once Dalessio spotted the virus disguised as an e-mail message, he put a block on any messages carrying the virus's subject line and body text. "The e50 took all the variants of the virus, quarantined them and got rid of them," he says.
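As an added illustration of the subject-plus-body block described above (this is not MLS's configuration or Network Associates' e50 code), the following Python filter parses each inbound message, normalizes case and whitespace so simple "Re:"/"FW:" and spacing variants still match, and marks matching messages for quarantine. The signature strings, sample messages and function names are constructed placeholders, not the real worm's text.

```python
"""Constructed example: quarantine inbound mail whose subject line and body
match a known worm signature. Signature text and sample messages are made up."""
import email
import re
from email.message import Message

# Hypothetical signature (placeholder values, not the real worm's strings).
# Both the subject fragment and the body phrase must match, which keeps the
# rule narrow and avoids blocking ordinary mail that shares one phrase.
SIGNATURES = [
    {
        "name": "example-worm",
        "subject": "Check this out ;o)",
        "body": "see the attached picture",
    },
]

# Constructed sample messages: two worm variants and one legitimate message.
SAMPLE_MESSAGES = [
    "From: a@example.test\nSubject: Check this out ;o)\n\nHi! See the attached picture.\n",
    "From: b@example.test\nSubject: FW:  check   THIS out ;o)\n\n"
    "hey, see the   attached picture, funny!\n",
    "From: c@example.test\nSubject: Match report\n\nNotes from Saturday's game attached.\n",
]


def _normalize(text: str) -> str:
    """Lower-case and collapse whitespace so trivial variants still match."""
    return re.sub(r"\s+", " ", text or "").strip().lower()


def _body_text(msg: Message) -> str:
    """Concatenate every text/plain part of the message (decoded)."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                parts.append(payload.decode(charset, "replace"))
    return " ".join(parts)


def classify(raw: str) -> str:
    """Return 'quarantine' if the message matches any signature, else 'deliver'.

    The subject check is a substring match on the normalized header, so a
    forwarded or replied copy with a 'FW:'/'Re:' prefix is still caught.
    """
    msg = email.message_from_string(raw)
    subject = _normalize(msg.get("Subject", ""))
    body = _normalize(_body_text(msg))
    for sig in SIGNATURES:
        if _normalize(sig["subject"]) in subject and _normalize(sig["body"]) in body:
            return "quarantine"
    return "deliver"


def run_samples() -> list:
    """Classify the constructed sample messages in order."""
    return [classify(m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for raw, verdict in zip(SAMPLE_MESSAGES, run_samples()):
        subject = email.message_from_string(raw).get("Subject", "")
        print(f"{verdict:10s} {subject}")
```

Requiring both the subject and a body phrase to match is what keeps a signature like this from tripping on unrelated mail; loosening it to a single keyword would reproduce the kind of false positive the article describes for Web content filtering.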
Having an antivirus appliance is key for MLS, which at first considered loading antivirus software onto its old WatchGuard firewall. Today MLS' firewall, antivirus and content-filtering functions are separate. "We didn't want a single point of failure," Dalessio says. The catch with the e50, however, is that it handles just SMTP traffic. "I'd like it to cover all content coming in over our Internet connection, including HTTP-borne viruses and other malicious code," he says.
MLS' SurfControl box, meanwhile, checks users' HTTP behavior, plus SMTP traffic patterns -- but not the content of the messages. MLS doesn't monitor outgoing e-mail for league-sensitive information, but that could change. "Generally, we've got a good Internet usage policy in place so nothing goes out that we don't want," Dalessio says. "But we are beginning to think about filtering e-mail based on content as well."
When MLS first installed SuperScout, the software set off multiple false alarms in the league's IDS (intrusion-detection system) sensors. That's because SuperScout requires a "promiscuous mode" network card for scanning the Internet gateway, and that function triggers alarms from the IDS sensors. So Dalessio configured the IDS to let SuperScout "sniff" the network without setting off the alarms.
Meanwhile, nearly all the MLS teams now have Cisco Systems PIX firewalls and will have SuperScout servers at their sites this year. The teams manage their own networks, except for the e-mail system, which is handled at MLS headquarters.