The Barracuda SSL VPN enables secure, clientless remote access to internal network resources from any Web browser. Designed for remote employees and road warriors, the Barracuda SSL VPN provides comprehensive control over the services and applications exposed to remote or external users.
The Barracuda SSL VPN integrates with third-party authentication mechanisms to control user access levels and to provide Single Sign-On.
Accessible from any Web browser on any operating system, the Barracuda SSL VPN is an integrated hardware and software solution with the power of an enterprise-class solution and affordability demanded by organizations of all sizes. The Barracuda SSL VPN includes all of the features needed to enable resource access from a powerful policy-based permissions framework and maintains network hygiene by scanning for viruses before uploading files back to the network. Designed for remote employees and road warriors, the Barracuda SSL VPN provides an audit log of all activity during a VPN session.
From any Web browser, users gain secure remote access to internal Web applications and network files shares. Richer support for SSL tunneling is enabled through the Barracuda SSL VPN agent, a lightweight Java tunneling client that supports common remote applications, including Remote Desktop Services, Citrix XenApp, VNC, NX, SSH and Telnet.
Barracuda Network Connector
Designed for applications using UDP, the Barracuda Network Connector is a secure IP tunneling client installed on a user’s workstation or laptop. When the Barracuda Network Connector is started, a full IP connection is created to the Barracuda SSL VPN appliance. The Barracuda Network Connector has a fully routed VPN connection off to the remote network, enabling content to stream off the remote network and allowing the use of any TCP or UDP application, such as legacy client/server applications. The Barracuda Network connector also supports Password, PIN and RADIUS authentication for added security.
Intranet Web Forwarding
The Barracuda SSL VPN acts as a Web proxy for most intranet Web sites. There are a number of methods available to proxy intranet Web sites. The choice is determined by the complexity of the Web site.
Windows Explorer Mapped Drives
When connecting using Windows 2000 or later, administrators configure the Barracuda SSL VPN Agent to automatically map network drives directly to file systems authorized for VPN access. These mapped drives are used like other network drives and are safely removed after the session ends. The Barracuda SSL VPN Agent transparently encrypts all files copied to and from mapped drives.
The Barracuda SSL VPN integrates with existing user databases via LDAP, RADIUS, Active Directory and NIS. This ensures user account maintenance is centralized and eliminates the duplication of user data across the organization. Additionally, the Barracuda SSL VPN authenticates certain services using credentials, including:
- Remote Desktop. The Barracuda SSL VPN has the ability to pass the active users’ Active Directory credentials through to the Remote Desktop session for true Single Sign-On.
- Intranet Web Forwards. When using the reverse proxy Web forwarding feature, intranet Web sites can be launched passing through the active users’ credentials to the Web application allowing transparent authentication.
All files uploaded during a Barracuda SSL VPN session to the network file system or from a proxied intranet Web application, are automatically scanned for viruses, spyware and other forms of malware. Virus definitions are maintained via Barracuda Energize updates to prevent compromised files from being uploaded to the network.
Using Application Launching, administrators can customize which applications are deployed to VPN users. The Barracuda SSL VPN includes a number of applications by default, such as SSH/SFTP, Telnet and Remote Desktop clients. With the Remote Desktop application, users are able to access their desktops with ease.
The virtual keyboard is an on-screen keyboard used as a security feature to defend against key logging attacks. The virtual keyboard echoes the character clicked on with the mouse.
Tiered Authentication Schemes
Tiered authentication schemes ensure the entry portal to an organization’s network is protected by comprehensive security. When using Active Directory authentication, the administrator can elect to implement a PIN authentication module before prompting for the user’s Active Directory password. This additional security layer decreases account lockouts from happening as a result of brute force password attacks on the domain.
Hardware Token Authentication
The Barracuda SSL VPN supports RSA SecurID, VASCO, Safeword and CryptoCard authentication servers through RADIUS integration. The use of hardware token authentication allows for access using a one-time password token.
Client Access Controls
Administrators can enforce policies to restrict client access based on operating system or Web browser version. These policies can be used to ensure that end user computers are updated to the latest versions and free of known vulnerabilities prior to gaining access to network resources.
Automatic Cache Cleaning
When enabled, a cache cleaning utility automatically runs when users logout or disconnect, clearing all traces of the secure session from the Web browser cache and history. Cache cleaning is recommended when remote users access the Barracuda SSL VPN from public or shared computers.
The Barracuda SSL VPN Server Agent streamlines connections to services at remote sites without the security risks and overhead related with configuring and maintaining a fully routed IPSec connection. The Barracuda SSL VPN Server Agent directly connects to services hosted on remote sites from the Barracuda SSL VPN. Once installed at a remote site, shortcuts to services access resource via the Web portal interface.
Auditing and Reporting
All resource access via the Barracuda SSL VPN is audited. Reports are available in real time showing a comprehensive look at privilege usage, failed logons, file and intranet use. Additionally, the status page provides statistics showing resource use.
Multiple User Realms
Realms are used where multiple user databases exist within an organization. By using realms, the Barracuda SSL VPN can be configured to authenticate against multiple domain servers and other directories, such as LDAP and NIS at once.
Customizable User Profiles
Users can create profiles that store configuration settings unique to a session. Profiles are useful in the case where a user may connect to the Barracuda SSL VPN from a number of different locations. In these cases, proxy servers are preset and configured for the Barracuda SSL VPN Agent to use depending upon the location.
Current utilization and appliance hardware health among other metrics may be obtained from the Barracuda SSL VPN by an SNMP client.
The Barracuda SSL VPN can authenticate against any RADIUS accounting and authorization server, as well as any third-party authentication server that communicates via RADIUS.
Simplified and Centralized Administration
The Barracuda SSL VPN features an easy-to-use Web user interface centralizing management to define and set remote access policy. With hourly updates from Barracuda Central, the Barracuda SSL VPN is virtually maintenance free for a cost-effective solution.
- Barracuda Energize Updates. A team of security engineers at Barracuda Central continuously monitor the Internet for the latest threats. As they detect new threats, Energize Updates are created and distributed to all Barracuda SSL VPNs. These updates require zero administration and ensure that your network has comprehensive and accurate protection even as the methods of attack change.
- Logs and Graphical Reports. System administrators can view logs and generate graphical reports to provide visibility within the organization. The Barracuda SSL VPN generate reports on VPN utilization, logged on users, resource usage and more.
- No Per User Fees. With the Barracuda SSL VPN there are no per user fees so the system administrator no longer has to worry about keeping track of new accounts.
Rapid Implementation into the Network
The Barracuda SSL VPN is engineered to meet the specific needs of both small organizations and larger enterprises to slot into existing network infrastructure with ease.
- Easy Integration with existing Network. The Barracuda SSL VPN integrates with any IT infrastructure regardless of geographical or logical diversity.
- Plug-and-Play Installation. Deploying the Barracuda SSL VPN is extremely easy with no software to install, reducing the time and resources required for installation and ongoing support.
- LDAP, RADIUS and Active Directory Integration. Directory server integration allows for centralization of all account management.
The Barracuda SSL VPN makes it easy for IT departments to offer technical support for remote employees. Remote users can create assistance requests directly from the Barracuda SSL VPN portal and help desk personnel can view the support requests and securely access remote computers over the network or the Internet, through the SSL VPN, to resolve issues. This feature simplifies and accelerates the process of providing assistance to remote users and managing remote machines. Since all the transactions are carried out through the Barracuda SSL VPN, they are encrypted and subject to any configured authentication mechanisms.