The Barracuda Web Application Firewall is a complete and powerful security solution for Web applications and Web sites. The Barracuda Web Application Firewall provides award-winning protection against hackers leveraging protocol or application vulnerabilities to instigate data theft, denial of service or defacement of your Web site.
The Barracuda Web Application Firewall is designed to enforce policies for both internal and external data security standards, such as Payment Card Industry Data Security Standard (PCI DSS).
At the same time the Barracuda Web Application Firewall 460 and higher models include a comprehensive set of application delivery capabilities designed to improve the performance, scalability and manageability of today’s most demanding data center infrastructures.
Comprehensive Web Site Protection
The Barracuda Web Application Firewall proxies all of your Web site traffic, providing complete protection in front of your Web sites. Key capabilities include:
- Protection against web attacks. The Barracuda Web Application Firewall protects your Web applications against all common and high-risk vulnerabilities like SQL injections, OS command injections and cross-site scripting attacks. It also cloaks your website by stripping any identifying markers that can help attackers plan attacks against your web servers.
- Data Loss Prevention (DLP). In addition to inspecting web application protection, the Barracuda Web Application Firewall inspects all outbound traffic for data leakage of sensitive information like Credit Card, Social Security or any other custom patterns.
- XML Firewall. The Barracuda Web Application Firewall provides an integrated XML firewall to improve the security of the XML based Web applications and Web services. It protects your web servers against schema and WSDL poisoning, highly nested elements, recursive passing, or any other XML based attacks.
- Sophisticated Rate Control and Denial of Service (DoS) Protection. The rate control allows administrators to set granular policies to limit client access over periods of time, providing protecting against DoS attacks or brute force attacks.
- Adaptive Profiling and Positive Security Profiles. Application Profiling allows the Barracuda Web Application Firewall to automatically build and tune positive security profiles to provide zero-day protection. Administrators can create fine-grain whitelist rules to govern individual HTML elements or parameters simply by sampling web traffic.
- Integrated Anti Virus.All file uploads to the Web application can be scanned for embedded viruses and malware using the integrated anti-virus engine of the Barracuda Web Application Firewall.
Identity and Access Management
Barracuda Web Application Firewalls extend traditional application firewall delivery capabilities to support comprehensive Identity and Access Management (IAM), ranging from simple application authentication and authorization up to fine grained, full featured Single Sign-On (SSO). This integrated capability is simple, versatile and easy to deploy and is available on all models of the Barracuda Web Application Firewall. Key capabilities include:
- LDAP and RADIUS integration. The Barracuda Web Application Firewall fully integrates with common authentication services like Active Directory, eDirectory or any other RADIUS or LDAP-compatible authentication services.
- Simple Single Sign-On (SSO) . Administrators can use the Barracuda Web Application Firewall as a Single Sign-On portal using its built in capabilities or another 3rd party Single Sign-On technology like CA SiteMinder without requiring changes to source code, IP addressing or the server infrastructure.
- Two-Factor Authentication. The Barracuda Web Application Firewall works with Client authenticates and hardware tokens like RSASecurID to provide strong user authentication.
- Access Control. Administrators can set granular policies governing what areas user or which resources users can access.
Application Delivery and Acceleration
In addition to the comprehensive security benefits of the Barracuda Web Application Firewall, there are also additional operational capabilities available in the Barracuda Web Application Firewall. Key capabilities include:
- High Availability Cluster. The Barracuda Web Application Firewall can be deployed in high-availability clusters to provide redundancy. The HA cluster provide real-time application state replication and will preserve system state during a failover event.
- SSL offloading. The Barracuda Web Application Firewall provides SSL offloading capabilities to process encrypted traffic and take that burden off the back end servers.
- Load balancing. The Barracuda Web Application Firewall includes integrated load balancing capabilities to distribute traffic among multiple back-end servers. It supports both Layer 4 and Layer 7 cookie persistence and includes support for Layer 7 content switching based on URL pattern, parameter or HTTP header fields.
- Content Caching. The Barracuda Web Application Firewall can reduce load on back-end Web servers by caching Web content to minimize requests to back-end Web servers.
- Compression. The Barracuda Web Application Firewall can automatically apply compression to on client traffic to reduce bandwidth to client browsers.
- Connection pooling. The Barracuda Web Application Firewall can automatically pool multiple front-end connections into a single back-end connection to reduce connection overhead that can affect server performance.
Logging, Monitoring and Reporting
The Barracuda Web Application Firewall features advanced capabilities to provide immediate feedback to the operations team that deploy, manage and secure mission critical applications. Key capabilities include:
- Comprehensive logging. The Barracuda Web Application Firewall maintains a complete set of Web Firewall, Access, Audit and System logs. These can be exported to 3rd party tools for deep analysis.
- Extensive Reports. The Barracuda Web Application Firewall a number of prebuilt easy-to-read reports that provide insight into application attacks, traffic statistics, and compliance requirements like PCI-DSS.
- Syslog support. The Barracuda Web Application Firewall forwards logs to a syslog server for centralized and persistent storage or analysis by a third party tool.