Barracuda Web Application Firewall

Brush Up on Your Defense

Checking scripts and code that run to hundreds of lines is a long process, vulnerabilities are often hard to locate, and a serious data breach is often the first sign of a problem in a web application.

With the Barracuda Web Application Firewall, administrators don't have to clean up code or even know how different applications work; the firewall itself protects websites from data breaches and defacement.

Scan In. Scan Out.

Working between the internet and the web servers, the Barracuda Web Application Firewall scans all inbound traffic before it even touches the servers, and all outbound traffic to stop data being lost, through DLP (data loss prevention). With its advanced application delivery, optimization and availability features, the Barracuda Web Application Firewall is an affordable and reliable solution for web-application delivery.

Secure

Default policies provide quick defense. Constantly updated attack and threat profiles provide defense against SQL injection, cross-site scripting (XSS), OS command injection, session tampering, buffer overflows, XML attacks, DoS and other sophisticated attacks.

Affordable

The product is the best defensive appliance for web servers in the industry: it merges web application security, access control and traffic optimization in one appliance. It is the most inexpensive appliance, with no per-app fee and no per-service fee.

Easy to Use

An intuitive web UI supports continuous monitoring. Setup takes 15 minutes, reporting is easy, and firmware and security definitions are updated automatically.

High Performance

Integrated load balancing optimizes performance and provides high availability. Content caching, data compression and SSL acceleration improve application performance while lowering the impact on servers.

Access Control

Users are authenticated using LDAP, RADIUS and other technologies, and user groups and individuals have to comply with certain email policies in order to access applications.

Reporting

Reports follow a specific standard, PCI DSS, for their formatting. They are easy to create and to forward by email to the scheduled recipients.

Features

Website Security

Vulnerability Protection

Using advanced technology, the Barracuda Web Application Firewall defends against all threats that target application weaknesses: SQL injection, OS command injection, cross-site scripting and others.

Rate Control

This feature lets administrators limit a user's access over specified time periods in order to defend applications against DoS and brute-force attacks.

XML Firewall

This feature defends XML-based web applications against schema and WSDL poisoning, highly nested elements, recursive parsing and other XML-based threats.

Cloaking

This feature suppresses server banners and error messages. It keeps HTTP return codes, headers and backend IP addresses from being exposed in response messages, where they would help attackers.

Data Loss Prevention

This feature secures confidential data by analyzing all outbound web traffic to ensure that no sensitive data, such as credit card and social security numbers, is lost. It is very efficient for data loss prevention.

Adaptive Profiling

This feature allows administrators to sample web traffic and generate a rough whitelist in order to provide zero-hour defense against threats and attacks. Adaptive profiling generates a positive profile for the fastest available threat response.

Client IP Reputation

Through IP reputation, potential access from unknown proxies and from proxies in specific regions can be restricted.

Identity and Access Management

The Barracuda Web Application Firewall provides strong IAM features, ranging from simple application authentication and authorization to full-featured Single Sign-On (SSO). These multipurpose identity and access management features are standard in all Barracuda Web Application Firewalls.

LDAP and RADIUS Authentication

The product fully integrates with Active Directory, eDirectory and other RADIUS- or LDAP-compatible authentication services.

Single Sign-On

Administrators can use the firewall as an SSO portal on its own or with third-party products, without any change to IP addresses, source code or infrastructure.

Two-Factor Authentication

The product supports client authentication and hardware tokens such as RSA SecurID to provide strong user authentication.

Access Control

Administrators can set up rough policies that determine which web applications or resources specific users can access.

Application Delivery and Acceleration

The product ensures the reliability of web applications and incorporates strong features for accelerating them. Without these built-in features, various other costly solutions would be needed to get the same performance benefits. The following features show why this product is the leading one in the industry.

SSL Offloading

To accelerate web application processing, the Barracuda Web Application Firewall offloads SSL processing from the backend web servers, freeing up the servers.

Load Balancing

To avoid overloading, the load balancer distributes web traffic across backend servers to keep latency low. It supports layer 4 and 7 cookie persistence and layer 7 content switching using content cues.

Content Caching

To reduce requests to backend web servers and preserve server and connection resources, the product caches repeatedly requested web content.

Data Compression

The product compresses data to minimize response time. This feature is highly useful for smartphones and tablets.

Connection Pooling

For optimum server performance, the Barracuda Web Application Firewall automatically pools front-end connections into a single backend connection to minimize overhead that can affect performance.

Appliance Clustering

To ensure high availability and overcome failures, Barracuda Web Application Firewalls can be clustered in active/passive or active/active pairs.

Web Server High Availability

For high availability of web applications, the load balancer provides failover between web servers.

Monitoring and Reporting

The product gives a quick overview to administrators who install, manage and defend mission-critical applications.

Dashboard

An intuitive web UI shows at a glance attack statistics, system performance, traffic and resource usage, and other information useful for troubleshooting and monitoring.

Logging

The product maintains a comprehensive set of web firewall, access, audit and system logs. These logs can be provided to third parties for further analysis.

Reports

The product has prebuilt reports, which can be customized, on attacks, traffic statistics and compliance with PCI DSS. These reports can be delivered automatically via pre-scheduled emails.

Syslog Reports

For centralized, in-depth analysis and persistent storage, the product forwards logs to syslog servers.

Application Access Control

The product enforces access policy at a single point. This includes user authentication, access control policy for assets and protection against data loss.

LDAP and RADIUS Authentication

The product integrates with Active Directory and other LDAP-compatible directories, as well as RADIUS servers, for verification and authentication.

Two-Factor Authentication

For user authorization, the product uses two-factor authentication with client certificates and hardware tokens.

Single Sign-On Portal

The product provides simple frontend and backend applications by combining authentication with web address translation and cookie-session management.

Website Access Control

This feature controls authentication and authorizes which users have access to specific portions of a website.

Models

360

1 – 5 Backend Servers
25 Mbps Throughput
3000 HTTP Transactions/Sec.
2000 SSL Transactions/Sec.
1U Mini Rackmount Chassis
1.2 AC Input Current (Amps)
2x 10/100 Copper NIC Connections
HTTP/S, FTP Protocol Validation
Form Field Meta Data Validation
Web Site Cloaking
Response Control
Outbound Data Theft Protection
File Upload Control
Logging, Monitoring and Reporting
High Availability
SSL Offloading
Authentication and Authorization
Vulnerability Scanner Integration
Centralized Management
Client IP Reputation
Network Firewall
High Availability: Active/Passive

460

5 – 10 Backend Servers
50 Mbps Throughput
6000 HTTP Transactions/Sec.
4000 SSL Transactions/Sec.
1U Mini Rackmount Chassis
1.4 AC Input Current (Amps)
2x Gigabit Copper NIC Connections
HTTP/S, FTP Protocol Validation
Form Field Meta Data Validation
Web Site Cloaking
Response Control
Outbound Data Theft Protection
File Upload Control
Logging, Monitoring and Reporting
High Availability
SSL Offloading
Authentication and Authorization
Vulnerability Scanner Integration
Centralized Management
Client IP Reputation
Network Firewall
High Availability: Active/Passive
Caching and Compression
LDAP/RADIUS
Load Balancing
Content Routing

660

10 – 25 Backend Servers
100 Mbps Throughput
10000 HTTP Transactions/Sec.
6000 SSL Transactions/Sec.
1U Mini Rackmount Chassis
1.8 AC Input Current (Amps)
2x Gigabit Copper NIC Connections
HTTP/S, FTP Protocol Validation
Form Field Meta Data Validation
Web Site Cloaking
Response Control
Outbound Data Theft Protection
File Upload Control
Logging, Monitoring and Reporting
High Availability
SSL Offloading
Authentication and Authorization
Vulnerability Scanner Integration
Centralized Management
Client IP Reputation
Network Firewall
High Availability: Active/Passive
Caching and Compression
LDAP/RADIUS
Load Balancing
Content Routing
ECC Memory
Adaptive Profiling
AV for File Uploads
XML Firewall
High Availability: Active/Active
Advanced routing

860

25 – 150 Backend Servers
600 Mbps Throughput
25000 HTTP Transactions/Sec.
12000 SSL Transactions/Sec.
2U Fullsize Rackmount Chassis
4.1 AC Input Current (Amps)
2x Gigabit Copper NIC Connections
2x Gigabit Fiber NIC Connections
HTTP/S, FTP Protocol Validation
Form Field Meta Data Validation
Web Site Cloaking
Response Control
Outbound Data Theft Protection
File Upload Control
Logging, Monitoring and Reporting
High Availability
SSL Offloading
Authentication and Authorization
Vulnerability Scanner Integration
Centralized Management
Client IP Reputation
Network Firewall
High Availability: Active/Passive
Caching and Compression
LDAP/RADIUS
Load Balancing
Content Routing
ECC Memory
Adaptive Profiling
AV for File Uploads
XML Firewall
High Availability: Active/Active
Advanced routing

960

150 – 300 Backend Servers
1 Gbps Throughput
55000 HTTP Transactions/Sec.
20000 SSL Transactions/Sec.
2U Fullsize Rackmount Chassis
5.4 AC Input Current (Amps)
2x Gigabit Copper NIC Connections
2x Gigabit Fiber NIC Connections
HTTP/S, FTP Protocol Validation
Form Field Meta Data Validation
Web Site Cloaking
Response Control
Outbound Data Theft Protection
File Upload Control
Logging, Monitoring and Reporting
High Availability
SSL Offloading
Authentication and Authorization
Vulnerability Scanner Integration
Centralized Management
Client IP Reputation
Network Firewall
High Availability: Active/Passive
Caching and Compression
LDAP/RADIUS
Load Balancing
Content Routing
ECC Memory
Adaptive Profiling
AV for File Uploads
XML Firewall
High Availability: Active/Active
Advanced routing

Administration

Flexible Deployment Configurations

Route Path

This mode gives the strongest defense for web application infrastructure by acting as a full reverse proxy for all web application traffic. A full reverse proxy is the industry-accepted best practice, and it is intrinsically more secure than bridge-mode setups.

One Armed Proxy

When a switch is available only from the WAN port, the Barracuda Web Application Firewall can be installed as a one-armed proxy, which requires the unit to be set up off that switch. This setup creates an additional path for traffic to reach the servers without interrupting the existing flow through the network. The traffic that needs to be analyzed and monitored is routed via the Barracuda Web Application Firewall.

One-armed proxy setups are used during the preliminary phases, when administrators want to validate the solution without any change to the network settings. Another way to use a one-armed proxy is to employ the appliance's integrated load balancer for HTTP/HTTPS traffic while letting SMTP and other traffic pass straight to the server.

Bridge Path

This deployment is suggested for administrators who are already monitoring web-application traffic. It allows quick setup without any changes to IP addresses on frontend and backend web servers and network devices. Bridge mode is transparent, so users are not interrupted.

High Availability

It is always beneficial to deploy inline appliances in a high-availability group, and this product can be installed in redundant pairs that support application-layer state for full failover. When set up as a standalone appliance in inline bridge-path mode, the appliance's Ethernet hard bypass ensures reliable application delivery.

Configuration and Policy Administration

Using the integrated online help in the intuitive, secure web UI of the Barracuda Web Application Firewall, administrators can rapidly configure the product.
Effective default security policies streamline the initial setup and can be rapidly customized as well.
Management is further streamlined by features such as automatic rule creation from log entries, which let administrators easily adjust security policies even as applications change.

Role Based Administration

To give administrators the rights they need, role-based administration lets administration tasks be assigned to individual administrators, each with their own login account and assigned role.

An external LDAP directory or a local database can be used to identify administrators, and their actions can be logged for audit and compliance.

Monitoring and Reporting

The Barracuda Web Application Firewall's dashboard displays statistical graphs covering web traffic, web attacks, resource usage and service statistics.

The appliance offers extensive reporting options, including PCI reports. Recurring reports can be sent automatically by email, in addition to the dashboard and logging options.