What do the Barracuda Web Application Controllers do?
Barracuda Web Application Controllers protect your Web
site from attackers leveraging protocol or application
vulnerabilities to instigate unauthorized access, data
theft, denial of service (DoS), or defacement of your Web
site.
Barracuda Web Application Controllers, including both the
Barracuda Web Application Firewall and Barracuda Application
Gateway, provide complete protection of Web applications and
are designed to enforce policies for both internal and
external data security standards, such as the Payment Card
Industry Data Security Standard (PCI DSS). At the same time,
the Barracuda Application Gateway features a number of
additional traffic management capabilities designed to
improve the performance, scalability, and manageability of
today’s most demanding data center infrastructures.
Why do I need a Web Application Controller?
Businesses of all sizes that operate their own Web
applications should deploy a powerful Web Application
Controller to protect their Web sites from application
vulnerabilities.
Traditionally, security has been considered a network
issue, where system administrators lock down host computers
through a network firewall. While a typical network firewall
can help restrict traffic to HTTP, HTTPS, and FTP, this
traffic can contain command exploits leveraging
vulnerabilities in the Web application itself that can
result in unauthorized access, data leakage, site
defacement, and other attacks by hackers that compromise
both the privacy and integrity of vital data.
What are the major capabilities and benefits of
Barracuda Web Application Controllers?
The major capabilities and benefits of Barracuda Web
Application Controllers include:
Comprehensive Web Site Protection: The Barracuda
Web Application Controller proxies all Web traffic,
providing complete protection in front of your Web sites.
Web site protection capabilities include: HTTP protocol
compliance, protection against common/high-visibility
attacks, protection against attacks based on session state,
online form field validation, outbound data theft
protection, Web site cloaking, anti-Web crawling, rate
controls and application denial of service (DoS) protection,
as well as advanced learning modes and fine-grain controls.
Protection of XML Web Services: The Barracuda Web
Application Controller provides the capability to secure
both traditional HTML Web applications and new XML Web
services applications. Available as an option to the
Barracuda Web Application Controller, the Web Services
Security Edition enables a strong new layer of defense to
deploy SOAP applications across the perimeter – all without
requiring administrators to learn all the details of XML or
Web services.
Application Access Control: The Barracuda Web
Application Controller implements a single point for policy
enforcement and control, including authentication to ensure
that users are known, access control policy for resources,
session monitoring, protection against data leakage, and
integration with existing authentication, authorization, and
access control (AAA) systems.
Application Delivery and Acceleration: In addition
to the security and access control benefits of Barracuda Web
Application Controllers, there are also additional
operational capabilities available with the Barracuda
Application Gateway. Capabilities include caching,
compression, connection pooling, SSL acceleration, load
balancing, and high availability.
Logging, Monitoring, and Reporting: Barracuda Web
Application Controllers feature advanced capabilities to
provide immediate feedback to operations teams that deploy,
manage, and secure mission critical applications.
How do Barracuda Web Application Controllers detect and
mitigate threats?
Barracuda Web Application Controllers provide
award-winning protection from all common attacks on Web
applications, including SQL injections, cross-site scripting
attacks, session tampering, and buffer overflows. As a full
proxy, Barracuda Web Application Controllers inspect both
request and response traffic, providing the capabilities to
not only block inbound attacks, but also to cloak your Web
site from hackers and filter outbound traffic to prevent
potential sensitive data leakage, such as credit card
numbers or social security numbers.
In addition, Barracuda Web Application Controllers secure
applications from unauthorized user access through
integration with common authentication services, such as
LDAP and RADIUS servers, and can provide full PKI
infrastructure for use with client certificates.
With the optional Web Services Security Edition,
Barracuda Web Application Controllers extend protection for
traditional HTML Web applications to modern XML Web services
applications. In addition to filtering attack traffic,
Barracuda Web Application Controllers validate XML schema,
SOAP envelopes, and XML content to block policy violations
in your Web services application traffic.
Can Barracuda Web Application Controllers help my company
comply with the Payment Card Industry Data Security Standard
(PCI DSS)?
Yes, Barracuda Web Application Controllers assist
organizations that store, process and/or transmit credit
card numbers to comply with the Payment Card Industry Data
Security Standard (PCI DSS) requirements.
As major credit card companies are increasing pressure on
their merchants to comply with the PCI DSS, many e-commerce
businesses are seeking solutions to meet requirement 6.6 of
PCI DSS calling for either detailed custom application code
reviews or installation of a Web Application Firewall by
June 30, 2008. Failure to comply with these security
standards may result in fines, restrictions or permanent
expulsion from card acceptance programs. Through multiple
advanced features, Barracuda Web Application Controllers can
help organizations easily become PCI DSS compliant.
Can Barracuda Web Application Controllers secure XML Web
services applications?
Yes, with the Web Services Security Edition, available as
an option to the Barracuda Web Application Controllers. The
optional Web Services Security Edition enables a strong new
layer of defense to deploy XML Web services applications
across the perimeter – all without requiring administrators
to learn all the details of XML or Web services. Benefits
include:
Protection against targeted XML attacks. Analogous
to the protections offered for traditional HTML Web
Applications, Barracuda Web Application Controllers also
protect Web services applications from targeted XML attacks,
including SQL injection, command injection, buffer overflow,
and parameter tampering.
Validation of XML schema, SOAP envelopes, and XML
content. To ensure full compliance with Web services
protocols and specifications governing their use, Barracuda
Web Application Controllers validate XML schemas, SOAP
envelopes, headers, and message content. Barracuda Web
Application Controllers conduct full XML content inspection
looking for policy violations such as oversized messages,
unexpected field values, and inappropriate external
references.
WS-I profile validation. Barracuda Web Application
Controllers ensure that all Web services transactions
conform to extensive WS-I basic profile requirements for
security and interoperability.
Web services cloaking. By masking the true URI of
mission critical Web services, Barracuda Web Application
Controllers make them more difficult for hackers to target.
Protection against XML denial of service (DoS)
attacks. Barracuda Web Application Controllers protect
against XML DoS attacks, such as coercive parsing, external
entity attacks, jumbo payloads, and recursive elements
attacks.
What logging, monitoring, and reporting features are
available with Barracuda Web Application Controllers?
Logging, monitoring, and reporting capabilities of
Barracuda Web Application Controllers include:
Comprehensive logging. Barracuda Web Application
Controllers maintain a rich set of logs on the appliance,
including system activity, Web Firewall activity, Web
services activity, network firewall activity, and
traditional Web logs.
Tamper-proof log storage. Any log can be
time-stamped, digitally signed, and encrypted to ensure
tamper-proof storage.
Syslog support. Barracuda Web Application
Controllers forward logs to a syslog server for centralized
and persistent storage or analysis by a third party tool.
Integration with eIQ Network Security Analyzer.
Barracuda Web Application Controllers integrate with eIQ
Network Security Analyzer (available separately) for
comprehensive event correlation, event alerting, and
reporting.
Will the Barracuda Web Application Controller fit into my
existing network environment?
Yes, Barracuda Web Application Controllers are designed
to easily fit into any existing data center environment and
to rapidly secure and accelerate new and existing Web
applications. Barracuda Networks offers the most flexible
array of Web Application Controller deployment options,
including both Bridge-path and Route-path.
How do I know which Barracuda Web Application Controller
model is best suited to my needs?
A regional Barracuda Networks sales representative can
evaluate your network environment and Web usage needs to
help determine which model or models are the best fit for your
company.
What if I have more questions about the Barracuda Web
Application Controller?
For additional assistance or for a product demonstration
of the Barracuda Web Application Controller,
please contact BarraGuard.com