|
Current Promotions:
Spam Firewalls:
Web Filters:
IM Firewalls:
Link Balancers:
Load Balancers:
Message Archivers:
Web Site Firewalls:
Web Application Controllers:
Barracuda Services:
3rd Party Solutions:
Technical Services:
Join Our Blog:
|
|
|
Barracuda
Networks Web Application Controller NC500 AG
|
|

| Barracuda
Networks Product |
Part Number |
|
| Barracuda Networks
Web Application Controller NC500 AG |
Barracuda Web Application Controller NC500 AG
Note: The purchase at least
1 Year of Energize Updates is
required
*
Get FREE Barracuda T-Shirt
* Get FREE iPHONE 3G!* |
#NC500-AG
List Price: $10,000.00
Our Price: $9,500.00 |
|
*Please Note: The Free iPhone will
be fulfilled in the form of an Apple Gift Card with the
face value of $300.00. Apple Gift Cards can be applied only
to qualified purchases directly from Apple at an Apple Store,
the Apple Store online, or Apple Telesales (1-800-MY-APPLE)
in the United States. Apple reserves the right to change
at any time the products you can purchase with gift cards
and to limit the use of gift cards in its discretion.
Click here to jump to
more pricing!
Barracuda
Web Application Controller NC500 AG Overview:
The Barracuda Web Site Firewall is a complete and powerful
security solution for Web applications and Web sites.
The Barracuda Web Site Firewall provides award-winning
protection against hackers leveraging protocol or application
vulnerabilities to instigate data theft, denial of service
or defacement of your Web site. Barracuda Web Site Firewall
- Protection against common attacks
- Outbound data theft protection
- Web site cloaking
- Granular policies
- Secure HTTP traffic
- SSL Offloading
- SSL Acceleration
- Load Balancing
Powerful, Complete Solution
The Barracuda Web Site Firewall protects Web applications
and Web services from malicious attacks, and can also
increase the performance and scalability of these applications.
The Barracuda Web Site Firewall offers every capability
needed to deliver, secure and manage enterprise Web
applications from a single appliance through an intuitive,
real-time user interface.
- Single point of protection for inbound and outbound
traffic for all Web applications
- Protects Web sites and Web applications against
application layer attacks
- Delivers best practices security right out of
the box
- Monitors traffic and provides reports about
attackers and attack attempts

Click to
enlarge
Comprehensive Web Site Protection
The Barracuda Web Site Firewall provides award-winning
protection from all common attacks on Web applications,
including SQL injections, cross-site scripting attacks,
session tampering and buffer overflows.
Many applications are vulnerable to such attacks
because application developers do not consistently employ
secure coding practices. Barracuda Web Site Firewall
is designed to combat all attack types that have been
categorized as significant threats, including:
- Cross Site Scripting (XSS)
- SQL injection flaws
- OS command injections
- Site reconnaissance
- Session hijacking
- Application denial of service
- Malicious probes/crawlers
- Cookie/session tampering
- Path traversal
- Information leakage
A Single Solution to a Multifaceted Problem
Online Web-based applications are increasingly at
risk from professional hackers who target such applications
in order to commit data theft or fraud. Being compromised
can damage an enterprise’s reputation, result in loss
of customers and impact the organization’s bottom line.
In addition, companies that transact online are faced
with a host of growing industry regulations such as
the Payment Card Industry Data Security Standard (PCI
DSS), which mandates that all enterprise and Web applications
handling credit card and account information must undergo
an extensive and costly audit of custom application
code. The alternative to satisfy PCI DSS compliance
is simply installing a Web application firewall.
The combination of these factors along with banking
industry PCI DSS compliance concerns, creates demand
for a more technologically and cost-effective risk protection
solution for online Web applications.
Backed by the worldwide leader in email and Web security
appliances, the Barracuda Web Site Firewall will continue
to dominate the market by breaking technology barriers.
Features:
Traditionally, security has been considered a network
issue, where system administrators lock down host computers
through a network firewall. While a typical network
firewall can help restrict traffic to HTTP and HTTPS,
this traffic can contain command exploits leveraging
vulnerabilities in the Web application itself that can
result in data leakage, site defacement and other attacks
by hackers that compromise both the privacy and integrity
of vital data. Businesses of all sizes that operate
their own Web applications should ensure that their
Web sites are protected against application vulnerabilities.
The Barracuda Web Site Firewall provides complete
protection of Web applications and is designed to enforce
policies for both internal and external data security
standards, such as Payment Card Industry Data Security
Standard (PCI DSS). At the same time the Barracuda Web
Site Firewall 460 and higher models feature a comprehensive
set of application delivery capabilities designed to
improve the performance, scalability and manageability
of today’s most demanding data center infrastructures.
Comprehensive Web Site Protection
The Barracuda Web Site Firewall proxies all of your
Web site traffic, providing complete protection in front
of your Web sites. Capabilities include:
- HTTP protocol compliance. At a basic
level, the Barracuda Web Site Firewall verifies
that all inbound requests comply with the HTTP specification.
For example, inbound requests with more than one
Content-Length header are typically the basis of
HTTP request smuggling attacks; therefore they are
illegal according to the HTTP specification and
are blocked automatically.
- Protection against common, high-visibility
attacks. Hackers can take advantage of vulnerabilities
in your online Web forms to attack your applications.
The Barracuda Web Site Firewall protects your Web
applications against SQL injections, OS command
injections and cross-site scripting attacks.
- Protection against attacks based on session
state. The Barracuda Web Site Firewall protects
your Web applications against any attacks based
on session state, such as forms tampering or cookie
tampering.
- Outbound data theft protection. In addition
to inspecting the request traffic, the Barracuda
Web Site Firewall also inspects all outbound packets
for any data pattern expressible as a UNIX-style
regular expression. Built-in policies protect all
major credit cards and U.S. Social Security number
patterns and new data patterns can be added at any
time. Inspection for outbound leakage of these patterns
can be applied to security policy on-the-fly.
- Web site cloaking. To prevent hackers
from doing reconnaissance on your Web infrastructure,
the Barracuda Web Site Firewall automatically strips
identifying banners of Web server software and version
numbers out of all transactions.
- Anti-crawling. While some Web crawlers,
such as search engines are often desirable, you
may wish to prevent all other users from downloading
your entire site. The Barracuda Web Site Firewall
can easily identify and allow legitimate crawlers
while blocking more malicious ones.
- Fine-grained control. The Barracuda Web
Site Firewall features automatic fine-grain rules
creation based on both HTTP requests and responses
down to the level of individual HTML elements.
- Application denial of service (DoS) protection.
By validating input limits for online form fields,
Web applications and sites are protected against
the SQL injections, OS command injections or form
field-based attacks. Fine-grain control on all points
prevents hackers from instigating these common attacks.
Application Access Control
The Barracuda Web Site Firewall implements a single
point for policy enforcement and control, which includes
authentication to ensure that users are known, access
control policy for resources and protection against
data leakage. Capabilities include:
- PKI support. By providing a full PKI
infrastructure, the Barracuda Web Site Firewall
can act as a Certificate Authority, including participating
in a certificate trust chain.
- Cookie tampering. The Barracuda Web Site
Firewall fully terminates and proxies every connection
to insulate each unique user session from exposure
and can stamp or encrypt the session cookies. Also
included to prevent cookie tampering is the ability
to ensure that all hidden or read-only form fields
are not changed by the user.
Application Delivery and Acceleration
In addition to the comprehensive security benefits
of the Barracuda Web Site Firewall, there are also additional
operational capabilities available in the Barracuda
Web Site Firewall. Capabilities include:
- SSL offloading. The Barracuda Web Site
Firewall includes SSL offloading, streamlining the
encryption and decryption of SSL traffic to quickly
process secure online transactions without additional
burden on any servers.
- SSL acceleration. The Barracuda Web Site
Firewall includes hardware-based SSL acceleration,
offloading back-end servers from the computational
burdens of encrypting and decrypting secure Web
traffic.
- Load balancing. The Barracuda Web Site
Firewall includes integrated load balancing capabilities
to distribute traffic among multiple back-end servers.
It supports both Layer 4 and Layer 7 cookie persistence
and includes support for Layer 7 content switching
based on URL pattern, parameter or HTTP header fields.
- High Availability. When inline in Bridge-path,
the Ethernet Hard Bypass ensures reliable application
delivery even with a single Barracuda Web Site Firewall.
For Web applications with stringent security requirements,
the Barracuda Web Site Firewall may be installed
in a redundant pair configuration, providing real-time
application state replication so that security and
user sessions will not be compromised during a failover
event.
Logging, Monitoring and Reporting
The Barracuda Web Site Firewall features advanced
capabilities to provide immediate feedback to the operations
team that deploy, manage and secure mission critical
applications. Capabilities include:
- Comprehensive logging. The Barracuda
Web Site Firewall maintains a rich set of logs on
the appliance, including system activity, Web Firewall
activity, Web services activity, network firewall
activity and traditional Web logs.
- PCI reports. The Barracuda Web Site Firewall
provides an easy-to-read snapshot of common application
attacks, critical for securing credit card important
and providing compliance to PCI DSS requirements.
- Syslog support. The Barracuda Web Site
Firewall forwards logs to a syslog server for centralized
and persistent storage or analysis by a third party
tool.
PCI DSS Compliance:
The Barracuda Web Site Firewall and Barracuda Web
Application Controller assist organizations of all types
that store, process and/or transmit credit card numbers,
comply with the Payment Card Industry Data Security
Standard (PCI DSS) requirements. In response to increased
identity theft incidents and security breaches, major
credit card companies collaborated in Sept. 2006 to
create the 12 procedural and system requirements, commonly
known as PCI DSS version 1.1, to standardize how to
store and access Primary Account Number (PAN) information.
Most immediate for today’s merchants and organizations
is Section 6.6 of the PCI DSS compliance deadline on
June 30, 2008, addressing the development and maintenance
of secure systems and applications. Section 6.6 mandates
all enterprise and Web applications handling credit
card and account information must undergo an extensive
audit of all custom application code that can be time
consuming, labor intensive and a costly process to visit
and revisit with each change to the application code.
The alternative to satisfy PCI DSS Section 6.6 compliance
is simply installing a Web application firewall.

Payment Card Industry Data Security Standard (PCI
DSS) Requirements
The 12 PCI DSS requirements are organized into 6
main categories. To be fully compliant, an organization
must satisfy all 12 requirements.
- Maintain a Secure Network: Requirements 1
and 2
- Install and maintain a firewall configuration
to protect cardholder data
- Do not use vendor-supplied defaults for
system passwords and other security parameters
- Protect Cardholder Data: Requirements 3 and
4
- Protect stored cardholder data
- Encrypt transmission of cardholder data
across open, public networks
- Maintain a Vulnerability Management Program:
Requirements 5 and 6
- Use and regularly update anti-virus software
- Develop and maintain secure systems and
applications
- Implement Strong Access Controls: Requirements
7, 8, and 9
- Restrict access to cardholder data by business
need-to-know
- Assign a unique ID to each person with computer
access
- Restrict physical access to cardholder data
- Regularly Monitor and Test Networks: Requirements
10 and 11
- Track and monitor all access to network
resources and cardholder data
- Regularly test security systems and processes
- Maintain an Information Security Policy:
Requirement 12
- Maintain a policy that addresses information
security
Source: PCI Security Standards version 1.1 -
http://www.PCISecurityStandards.org.
Barracuda Networks Enables PCI DSS Compliance
The Barracuda Web Site Firewall and Barracuda Web
Application Controller are designed as easy and cost-effective
solutions to achieve PCI DSS compliance. In addition
to satisfying the time-sensitive need to install a Web
application firewall into your network for PCI DSS Section
6.6 compliance, the Barracuda Web Site Firewall further
ensures PCI DSS compliance with a host of other advanced
technologies.
The Barracuda Web Site Firewall enables PCI DSS compliance
across major requirements:
|
Requirement |
Barracuda Web
Site Firewall |
|
1 - Install a Firewall |
Acts as a Web application firewall |
|
3 - Protect data |
Proxies Web traffic and insulates Web servers
from direct access by attackers |
|
4 - Encryption |
Provides easy SSL encryption even if the
application or server does not enable SSL |
|
6 - Protect Against Vulnerabilities |
Blocks known and zero-day attacks as well
as the industry-accepted top 10 Web application
vulnerabilities for custom development,
legacy and third-party applications |
|
7 - Restrict Access |
Provides role-based administration to security
policies |
|
10 - Track and Monitor Access |
Logs and reports application access and
security violations |
PCI DSS section 6.5 is perhaps the most significant
set of detailed requirements as it addresses application
vulnerability, including coding guidelines, such as
those outlined by Open Web Application Security Project
(OWASP). The Barracuda Web Site Firewall directly addresses
each of the requirements in section 6.5.
|
Requirement |
Barracuda Web
Site Firewall |
|
6.5.1 Unvalidated input (i.e., hidden field
manipulation) |
Validates incoming and outgoing session
content against legitimate application behavior
and usage |
|
6.5.2 Broken access control (i.e., malicious
use of user IDs) |
Prevents cookie tampering and corruption
of an application’s access control system |
|
6.5.3 Broken authentication and session
management (i.e. cookie tampering, session
hijacking) |
Automatically encrypts session cookies and
assigns unique session-IDs to ensure secure
user sessions |
|
6.5.4 Cross-site scripting (XSS) attacks |
Inspects and verifies user input and incoming
requests for any malicious code before forwarding
it to backend servers |
|
6.5.5 Buffer overflows |
Detects and prevents attempts via the header
or input fields to exceed memory capacity |
|
6.5.6 Injection flaws (i.e., SQL injection) |
Validates legitimacy of all Web requests
and code accessing backend systems |
|
6.5.7 Improper error handling |
Cloaks Web application infrastructure from
hackers attempting to expose vulnerabilities
in error response and other messages |
|
6.5.8 Insecure storage |
Filters and intercepts outbound traffic
to prevent transmission of sensitive information,
such as passwords, credit card numbers,
account records or proprietary information |
|
6.5.9 Application Denial of service (DoS) |
Slows down access requests to the Web site
if a violation is detected, preventing application
DoS attacks |
|
6.5.10 Insecure configuration management |
Proxies all inbound and outbound Web traffic
to neutralize any configuration vulnerabilities |
Deployment and Administration:
Deployment:
Standard Deployment Configuration
The Barracuda Web Site Firewall is designed to easily
fit into any existing data center environment and to
rapidly secure and accelerate new and existing Web applications.
Barracuda Networks offers the most flexible array of
Barracuda Web Site Firewall deployment options, including
both Bridge-path and Route-path.
Bridge-path
Bridge-path, the recommended mode of implementation
for most customers with existing Web application traffic,
enables simple and fast deployment without requiring
any IP address changes on either the front- or back-end
Web servers or network devices. The bridge is transparent,
so no user traffic is disrupted.
Route-path
Route-path provides the highest degree of protection
for a Web application infrastructure by acting as a
full reverse proxy for all Web application traffic.
As a reverse proxy, Route-path allows only predefined
traffic that adheres to security policies. Additionally,
the reverse proxy controls the only route to the back-end
network, so traffic cannot flow to any server unless
specifically forwarded by the proxy. This is the most
flexible deployment mode because it facilitates the
content-based traffic management functions of the Barracuda
Web Site Firewall.
Fault Tolerant Barracuda Web Site Firewall Environment
Some organizations may need only a single Barracuda
Web Site Firewall. When inline in Bridge-path mode,
the Barracuda Web Site Firewall’s Ethernet Hard Bypass
ensures reliable application delivery. For Web applications
with stringent security requirements, the Barracuda
Web Site Firewall may be installed in a redundant pair
configuration, providing real-time application state
replication so that security and user sessions will
not be compromised during a failover event.
Administration
Configuration and Policy Administration
Configuration of the Barracuda Web Site Firewall
is accomplished through a secure Web-based interface,
featuring a comprehensive online help system.
Initial application definition is made simple through
comprehensive default security policies that also allow
the administrator to specify more fine-grain rules.
Features such as automatic rule creation from log entries
enable administrators to easily maintain security policies
even as applications change.
Reporting
The Barracuda Web Site Firewall's administrative
tools feature statistical reporting that allow you to
visualize both overall Web traffic levels as well as
the levels of traffic filtered for either policy or
security reasons.
The Barracuda Web Site Firewall basic status page
provides a quick snapshot of statistics on common attacks,
subscription status, performance statistics, as well
as hourly and daily attacks and bandwidth usage.
Screenshots:
The following screenshots illustrate the Web user
interface of the Barracuda Web Application Controller.
|

|
Basic -> Status
Displays the current status of the appliance,
including the attack distribution and traffic
statistics for the configured Web sites.
|
|

|
Basic -> Services
Provides configuration of Web sites and
enables default protection.
|
|

|
Basic ->Default Security
Enables the configuration of the default
security policy.
|
|

|
Basic -> IP Configuration
Controls the settings for WAN, LAN and
Management IP configuration. Using this
screen, the Barracuda Web Site Firewall
can be configured in bridge or proxy mode.
|
For more screenshots,
please click here.
FAQ:
What does the Barracuda Web Site Firewall do?
The Barracuda Web Site Firewall protects your
Web site from attackers leveraging protocol or application
vulnerabilities to instigate unauthorized access,
data theft, denial of service (DoS), or defacement
of your Web site.
The Barracuda Web Site Firewall provides complete
protection of Web applications and is designed to
enforce policies for both internal and external
data security standards, such as the Payment Card
Industry Data Security Standard (PCI DSS). At the
same time, the Barracuda Web Site Firewall features
a number of traffic management capabilities designed
to improve the performance, scalability and manageability
of today’s most demanding data center infrastructures.
Why do I need a Web site firewall?
Businesses of all sizes that operate their own
Web applications should deploy a powerful Web site
firewall to protect their Web sites from application
vulnerabilities.
Traditionally, security has been considered a
network issue, where system administrators lock
down host computers through a network firewall.
While a typical network firewall can help restrict
traffic to HTTP and HTTPS, this traffic can contain
command exploits leveraging vulnerabilities in the
Web application itself. Without the Barracuda Web
Site Firewall acting as an application firewall,
a hacker’s attack can result in unauthorized access,
data leakage, site defacement and/or other attacks
that compromise both the privacy and integrity of
vital data.
What are the major capabilities and benefits of
the Barracuda Web Site Firewall?
The major capabilities and benefits of the Barracuda
Web Site Firewall include:
Comprehensive Web Site Protection:
The Barracuda Web Site Firewall proxies all
Web traffic, providing complete protection in
front of your Web sites. Web site protection
capabilities include: HTTP protocol compliance,
protection against common/high-visibility attacks,
protection against attacks based on session
state, online form field validation, outbound
data theft protection, Web site cloaking, anti-Web
crawling and application denial of service (DoS)
protection, as well as fine-grain controls.
Application Access Control: The Barracuda
Web Site Firewall provides PKI support to provide
certificate verification and prevents cookie
tampering to ensure hidden or read-only form
fields are not changed by the user.
Application Delivery and Acceleration:
In addition to the security and access control
benefits of Barracuda Web Site Firewall, there
are also additional operational capabilities.
Capabilities include SSL offloading, SSL acceleration,
load balancing and high availability.
Logging, Monitoring and Reporting:
The Barracuda Web Site Firewall features advanced
capabilities to provide immediate feedback to
operations teams that deploy, manage and secure
mission critical applications. Besides a system
log, Web firewall log, traditional Web log and
audit log, the Barracuda Web Site Firewall also
provides specific reports relevant to PCI compliance.
How does the Barracuda Web Site Firewall detect
and mitigate threats?
The Barracuda Web Site Firewall provide award-winning
protection from all common attacks on Web applications,
including SQL injections, cross-site scripting attacks,
session tampering and buffer overflows. As a full
proxy, the Barracuda Web Site Firewall provides
comprehensive inbound and outbound protection. By
inspecting request traffic, the Barracuda Web Site
Firewall can block inbound attacks and cloak Web
sites from hackers, while response traffic inspection
prevents sensitive data leakage, such as credit
card or Social Security numbers.
In addition, the Barracuda Web Site Firewall
secures applications from unauthorized user access
a full PKI integration for use with client certificates.
Can the Barracuda Web Site Firewall help my company
comply with the Payment Card Industry Data Security
Standard (PCI DSS)?
Yes, the Barracuda Web Site Firewall assists
organizations that store, process and/or transmit
credit card numbers to comply with the Payment Card
Industry - Data Security Standard (PCI DSS) requirements.
As major credit card companies are increasing
pressure on merchants to comply with the PCI DSS,
many e-commerce businesses are seeking solutions
to meet requirement 6.6 of PCI DSS calling for either
detailed custom application code reviews or installation
of a Web Application Firewall by June 30, 2008.
Failure to comply with these security standards
may result in fines, restrictions or permanent expulsion
from card acceptance programs. Through multiple
advanced features, the Barracuda Web Site Firewall
can help organizations easily become PCI DSS compliant.
Click here for additional information.
What logging, monitoring and reporting features
are available with the Barracuda Web Site Firewall?
Logging monitoring and reporting capabilities
of Barracuda Web Site Firewall include:
Comprehensive logging. The Barracuda
Web Site Firewall maintains a rich set of logs
on the appliance, including system activity,
Web Firewall activity, Web services activity,
network firewall activity and traditional Web
logs.
PCI reports. The Barracuda Web Site
Firewall provides a quick snapshot of application
attacks defined in the PCI DSS Section 6.5,
including unvalidated input, broken access control,
cross-site scripting and so on.
Syslog support. The Barracuda Web
Site Firewall forwards logs to a syslog server
for centralized and persistent storage or analysis
by a third party tool.
Will the Barracuda Web Site Firewall fit into
my existing network environment?
Yes, the Barracuda Web Site Firewall is designed
to easily fit into any existing data center environment
and to rapidly secure and accelerate new and existing
Web applications. Barracuda Networks offers the
most flexible array of Barracuda Web Site Firewall
deployment options, including both Bridge-path and
Route-path.
How do I know which Barracuda Web Site Firewall
model is best suited to my needs?
A regional Barracuda Networks sales representative
can evaluate your network environment and Web usage
needs to help determine which model(s) is the best
fit for your company.
What if I have more questions or want to see an
online demo of the Web Site Firewall?
For answers to additional questions, please
contact us.
| Barracuda
Networks Product |
Part Number |
|
| Barracuda Networks
Web Application Controller NC500 AG |
Barracuda Web Application Controller NC500 AG
Note: The purchase at least
1 Year of Energize Updates is
required
*
Get FREE Barracuda T-Shirt
* Get FREE iPHONE 3G!* |
#NC500-AG
List Price: $10,000.00
Our Price: $9,500.00 |
|
| Barracuda Networks
Energize Updates |
| 1 Year Energize Updates |
#NC500-AG-E1
List Price: $2,699.00
Our Price: $2,564.95 |
|
| Barracuda Networks
Instant Replacement |
| 1 Year Instant Firewall Replacement |
#NC500-AG-H1
List Price: $2,199.00
Our Price: $2,089.95 |
|
| Barracuda Application
Gateway Web Services |
| Barracuda Application Gateway Web Services |
#NC-WS
List Price: $10,000.00
Our Price: $9,500.95 |
|
| 1 Year Energize Updates for Barracuda Application
Gateway Web Services |
#NC-WS-E1
List Price: $2,699.00
Our Price: $2,564.95 |
|
| Barracuda Application
Gateway EIQ Analyzer |
| Barracuda Application Gateway EIQ Analyzer |
#NC-EA
List Price: $900.00
Our Price: $855.95 |
|
| 1 Year Energize Updates for Barracuda Application
Gateway EIQ Analyzer |
#NC-EA-E1
List Price: $249.00
Our Price: $236.95 |
|
*Please Note: The Free iPhone will
be fulfilled in the form of an Apple Gift Card with the
face value of $300.00. Apple Gift Cards can be applied only
to qualified purchases directly from Apple at an Apple Store,
the Apple Store online, or Apple Telesales (1-800-MY-APPLE)
in the United States. Apple reserves the right to change
at any time the products you can purchase with gift cards
and to limit the use of gift cards in its discretion.
|
|