Barracuda
SSL VPN 280 Overview:
The Barracuda SSL VPN is an integrated hardware and
software solution enabling secure, clientless remote
access to internal network resources from any Web browser.
Designed for remote employees and road warriors, the
Barracuda SSL VPN provides comprehensive control over
file systems and Web-based applications requiring external
access. The Barracuda SSL VPN integrates with third-party
authentication mechanisms to control user access levels
and provides single sign-on.
- Enables access to corporate intranets, file
systems or other Web-based applications
- Tracks resource access through auditing and
reporting facilities
- Scans uploaded files for viruses and malware
- Leverages multi-factor, layered authentication
mechanisms, including RSA SecurID tokens
- Integrates with existing Active Directory and
LDAP directories
- Utilizes policies for granular access control
framework
- Supports any Web browser on PC or Mac
Powerful, Complete Solution:
Installed in a matter of minutes, the Barracuda SSL
VPN enables complete control over the resources designated
for external access, such as internal Web applications,
file systems and other applications. From any Web browser,
users connect to internal Web sites through a built-in
reverse proxy for access to network file shares. Richer
support for SSL tunneling is enabled through the Barracuda
SSL VPN Agent, a lightweight Java client that supports
common remote applications, including Remote Desktop,
VNC, NX, SSH and Telnet.
For complete network layer access, the Barracuda
SSL VPN includes the Barracuda Network Connector, an
installable VPN client for TCP or UDP connectivity.
With the Barracuda Network Connector, users gain SSL
access to legacy client/server application during a
VPN session.
With robust security and auditing features, administrators
define custom policies to govern resource access to
particular users or groups while tracking user activity.
For added security, files uploaded during a VPN session
to network file shares or internal Web sites are scanned
for viruses and other malware to prevent infections
of critical network resources.
Click to
enlarge
Best-of-Breed Access Control
Remote access by nature can be risky exposing network
resources across the Internet. However the Barracuda
SSL VPN mitigates these risks by tightly controlling
user access through a full suite of authentication mechanisms
and support for third-party authentication, such as
Active Directory or LDAP. Administrators have the option
to layering security by enforcing the use of PIN numbers,
hardware tokens, client certificates and other forms
of secure authentication on top of AD or LDAP.
By restricting usage to internal resources upon presenting
the correct credentials and token code, an organization
securely manages external access to network resources.
The policy-based access control framework integrates
into existing AD or LDAP schema to grant users rights
and permissions. For added granularity, administrators
have the option of setting policy to set and limit network
resources by AD or LDAP rights. Once access is granted,
the administrator monitors resource access from VPN
clients by the use of the auditing feature.
Easy to Use:
With no software to install and minimal configuration
of the firewall, installation of the Barracuda SSL VPN
is quick and easy. Once installed, the system administrator
uses the intuitive Web user interface for monitoring
and maintenance. With Barracuda Energize Updates, the
Barracuda SSL VPN is continuously updated with the latest
virus and application definitions every hour keeping
maintenance at a minimum and eliminating administrative
overhead. Updates are provided by Barracuda Central,
an advanced 24x7 security operations center that works
to continuously monitor and block the latest Internet
threats.
Affordable:
With no per user fees, the Barracuda SSL VPN is the
most affordable enterprise-class SSL VPN solution available.
Features:
Today’s global economy demands employees to be increasingly
more mobile and flexible in meeting business needs.
An inherent challenge is enabling secure remote access
to network resources with an audit trail. Typical users
require the use of email, file servers, intranet Web
sites, databases and desktop access to office workstations.
With conventional VPN solutions such as IPSec or PPTP,
secure access to resources are often difficult or impossible
to manage.
Accessible from any Web browser on any operating
system, the Barracuda SSL VPN is an integrated hardware
and software solution with the power of an enterprise-class
solution and affordability demanded by organizations
of all sizes. The Barracuda SSL VPN includes all of
the features needed to enable resource access from a
powerful policy-based permissions framework and maintains
network hygiene by scanning for viruses before uploading
files back to the network. Designed for remote employees
and road warriors, the Barracuda SSL VPN provides an
audit log of all activity during a VPN session.
SSL Tunneling:
From any Web browser, users gain secure remote access
to internal Web applications and network files shares.
Richer support for SSL tunneling is enabled through
the Barracuda SSL VPN agent, a lightweight Java tunneling
client that supports common remote applications, including
Remote Desktop, VNC, NX, SSH and Telnet. The Barracuda
SSL VPN Agent also provides cache cleaning for all popular
Web browsers.
Barracuda Network Connector:
Designed for applications using UDP, the Barracuda
Network Connector is a secure IP tunneling client installed
on a user’s workstation or laptop. When the Barracuda
Network Connector is started, a full IP connection is
created to the Barracuda SSL VPN appliance. The Barracuda
Network Connector has a fully routed VPN connection
off t the remote network, enabling content to stream
off the remote network and allowing the use of any TCP
or UDP application, such as legacy client/server applications.
Intranet Web Forwarding:
The Barracuda SSL VPN acts as a Web proxy for most
intranet Web sites. There are a number of methods available
to proxy intranet Web sites. The choice is determined
by the complexity of the Web site. A cache cleaner is
also included to clear the browser cache once the Barracuda
SSL VPN Agent exits.
Windows Explorer Mapped Drives :
When connecting using Windows 2000 or later, administrators
configure the Barracuda SSL VPN Agent to automatically
map network drives directly to file systems authorized
for VPN access. These mapped drives are used like other
network drives and are safely removed after the session
ends. The Barracuda SSL VPN Agent transparently encrypts
all files copied to and from mapped drives.
Single Sign-On:
The Barracuda SSL VPN integrates with existing user
databases via LDAP, RADIUS, Active Directory and NIS.
This ensures user account maintenance is centralized
and eliminates the duplication of user data across the
organization. Additionally, the Barracuda SSL VPN authenticates
certain services using credentials, including:
- Remote Desktop. The Barracuda SSL VPN
has the ability to pass the active users’ Active
Directory credentials through to the Remote Desktop
session for true single sign-on.
- Intranet Web Forwards. When using the
reverse proxy Web forwarding feature, intranet Web
sites can be launched passing through the active
users’ credentials to the Web application allowing
transparent authentication.
Antivirus:
All files uploaded during a Barracuda SSL VPN session
to the network file system or from a proxied intranet
Web application, are automatically scanned for viruses,
spyware and other forms of malware. Virus definitions
are maintained via Barracuda Energize updates to prevent
compromised files from being uploaded to the network.
Application Launching:
Using Application Launching, administrators can customize
which applications are deployed to VPN users. The Barracuda
SSL VPN includes a number of applications by default,
such as SSH/SFTP, Telnet and Remote Desktop clients.
With the Remote Desktop application, users are able
to access their desktops with ease
Virtual Keyboard:
The virtual keyboard is an on-screen keyboard used
as a security feature to defend against key logging
attacks. The virtual keyboard echoes the character clicked
on with the mouse.
Tiered Authentication Schemes:
Tiered authentication schemes ensure the entry portal
to an organization’s network is protected by comprehensive
security. When using Active Directory authentication,
the administrator can elect to implement a PIN authentication
module before prompting for the user’s Active Directory
password. This additional security layer decreases account
lockouts from happening as a result of brute force password
attacks on the domain.
Hardware Token Authentication
The Barracuda SSL VPN support RSA SecurID, VASCO,
Secure Computing and CryptoCard authentication servers.
The use of hardware token authentication allows for
access using a one-time password token.
Site-to-Site Connectivity :
The Barracuda SSL VPN Server Agent streamlines connections
to services at remote sites without the security risks
and overhead related with configuring and maintaining
a fully routed IPSec connection. The Barracuda SSL VPN
Server Agent directly connects to services hosted on
remote sites from the Barracuda SSL VPN. Once installed
at a remote site, shortcuts to services access resource
via the Web portal interface.
Auditing and Reporting :
All resource access via the Barracuda SSL VPN is
audited. Reports are available in real time showing
a comprehensive look at privilege usage, failed logons,
file and intranet use. Additionally, the status page
provides statistics showing resource use.
Multiple User Realms :
Realms are used where multiple user databases exist
within an organization. By using realms, the Barracuda
SSL VPN can be configured to authenticate against multiple
domain servers and other directories, such as LDAP and
NIS at once.
Customizable User Profiles:
Users can create profiles that store configuration
settings unique to a session. Profiles are useful in
the case where a user may connect to the Barracuda SSL
VPN from a number of different locations. In these cases,
proxy servers are preset and configured for the Barracuda
SSL VPN Agent to use depending upon the location.
SNMP/API :
Current utilization and appliance hardware health
among other metrics may be obtained from the Barracuda
SSL VPN by an SNMP client.
RADIUS Authentication :
The Barracuda SSL VPN can authenticate against any
RADIUS accounting and authorization server, as well
as any third-party authentication server that communicates
via RADIUS.
Simplified and Centralized Administration :
The Barracuda SSL VPN features an easy-to-use Web
user interface centralizing management to define and
set remote access policy. With hourly updates from Barracuda
Central, the Barracuda SSL VPN is virtually maintenance
free for a cost-effective solution.
- Barracuda Energize Updates. A team of
security engineers at Barracuda Central continuously
monitors the Internet for the latest threats in
virus. As they detect new threats, Energize Updates
are created and distributed to all Barracuda SSL
VPNs. These updates require zero administration
and ensure that your network has comprehensive and
accurate protection even as the methods of attack
change.
- Logs and Graphical Reports. System administrators
can view logs and generate graphical reports to
provide visibility within the organization. The
Barracuda SSL VPN generate reports on VPN utilization,
logged on users, resource usage and more.
- No Per User Fees. With the Barracuda
SSL VPN there are no per user fees so the system
administrator no longer has to worry about keeping
track of new accounts.
Rapid Implementation into the Network :
The Barracuda SSL VPN is engineered to meet the specific
needs of both small organizations and larger enterprises
to slot into existing network infrastructure with ease.
- Easy Integration with existing Network.
The Barracuda SSL VPN integrates with any IT infrastructure
regardless of geographical or logical diversity.
- Plug-and-Play Installation. Deploying
the Barracuda SSL VPN is extremely easy with no
software to install, reducing the time and resources
required for installation and ongoing support.
- LDAP, RADIUS and Active Directory Integration.
Directory server integration allows for centralization
of all account management.
Administration:
Configuration of the Barracuda SSL VPN is accomplished
through a simple Web user interface. All that is required
is a Web browser on a system with network access to
the Barracuda SSL VPN - there is no software to install
or any media to lose.
Once the product is installed on the network, it
is a simple process to configure resources, such as
file systems and intranet Web sites for secure remote
access. In the Barracuda SSL VPN, there are two distinct
classes of administrator each with different responsibilities:
the appliance administrator and the SSL VPN administrator.
The appliance administrator’s responsibility spans
network and system management functions from setting
the IP address and upgrading firmware to backing up
and restoring the system.
The SSL VPN administrator is responsible for configuration
of the resources, access control rules and policies
as well as the features available to the end users.
The SSL VPN administrator also has the ability to delegate
certain responsibilities to other users, such as the
ability to create or delete Web forwards or network
places to allow for the administrative workload to be
shared among multiple users.
Resource Creation :
Configuring an intranet Web site for remote access
is simple by setting it up as a Web forward.
Once configured, the Web forward can be assigned
to a policy, making it available for access by users
of the Barracdua SSL VPN.
The Web forward can also be configured for single
sign-on access by integrating with authentication mechanisms
such as Active Directory to pass through the Active
Directory credentials of the active user to the intranet
Web site.
Barracuda
Networks SSL VPN 280
){kind=link}
BarraGuard.com is a division of Virtual Graffiti Inc, an authorized
Barracuda Networks reseller.