The Barracuda Web Application Firewall protects your Web site from attackers leveraging protocol or application vulnerabilities to instigate unauthorized access, data theft, denial of service (DoS), or defacement of your Web site.
The Barracuda Web Application Firewall provides complete protection of Web applications and is designed to enforce policies for both internal and external data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS). At the same time, the Barracuda Web Application Firewall features a number of traffic management capabilities designed to improve the performance, scalability and manageability of today's most demanding data center infrastructures.
Businesses of all sizes that operate their own Web applications should deploy a powerful Web Application Firewall to protect their Web sites from application vulnerabilities.
Traditionally, security has been considered a network issue, where system administrators lock down host computers through a network firewall. While a typical network firewall can help restrict traffic to HTTP and HTTPS, this traffic can contain command exploits leveraging vulnerabilities in the Web application itself. Without the Barracuda Web Application Firewall acting as an application firewall, a hacker's attack can result in unauthorized access, data leakage, site defacement and/or other attacks that compromise both the privacy and integrity of vital data.
The major capabilities and benefits of the Barracuda Web Application Firewall include:
- Comprehensive Web Site Protection: The Barracuda Web Application Firewall proxies all Web traffic, providing complete protection in front of your Web sites. Web site protection capabilities include: HTTP protocol compliance, protection against common/high-visibility attacks, protection against attacks based on session state, online form field validation, outbound data theft protection, Web site cloaking, anti-Web crawling and application denial of service (DoS) protection, as well as fine-grain controls.
- Application Access Control: The Barracuda Web Application Firewall provides PKI support to provide certificate verification and prevents cookie tampering to ensure hidden or read-only form fields are not changed by the user.
- Application Delivery and Acceleration: In addition to the security and access control benefits of Barracuda Web Application Firewall, there are also additional operational capabilities. Capabilities include SSL offloading, SSL acceleration, load balancing and high availability.
- Logging, Monitoring and Reporting: The Barracuda Web Site Firewall features advanced capabilities to provide immediate feedback to operations teams that deploy, manage and secure mission critical applications. Besides a system log, Web firewall log, traditional Web log and audit log, the Barracuda Web Application Firewall also provides specific reports relevant to PCI compliance.
The Barracuda Web Application Firewall provide award-winning protection from all common attacks on Web applications, including SQL injections, cross-site scripting attacks, session tampering and buffer overflows. As a full proxy, the Barracuda Web Application Firewall provides comprehensive inbound and outbound protection. By inspecting request traffic, the Barracuda Web Application Firewall can block inbound attacks and cloak Web sites from hackers, while response traffic inspection prevents sensitive data leakage, such as credit card or Social Security numbers.
In addition, the Barracuda Web Application Firewall secures applications from unauthorized user access a full PKI integration for use with client certificates.
Logging monitoring and reporting capabilities of Barracuda Web Application Firewall include:
- Comprehensive logging. The Barracuda Web Application Firewall maintains a rich set of logs on the appliance, including system activity, Web Firewall activity, Web services activity, network firewall activity and traditional Web logs.
- PCI reports. The Barracuda Web Application Firewall provides a quick snapshot of application attacks defined in the PCI DSS Section 6.5, including unvalidated input, broken access control, cross-site scripting and so on.
- Syslog support. The Barracuda Web Application Firewall forwards logs to a syslog server for centralized and persistent storage or analysis by a third party tool.
Yes, the Barracuda Web Application Firewall assists organizations that store, process and/or transmit credit card numbers to comply with the Payment Card Industry - Data Security Standard (PCI DSS) requirements.
As major credit card companies are increasing pressure on merchants to comply with the PCI DSS, many e-commerce businesses are seeking solutions to meet requirement 6.6 of PCI DSS calling for either detailed custom application code reviews or installation of a Web Application Firewall by June 30, 2008. Failure to comply with these security standards may result in fines, restrictions or permanent expulsion from card acceptance programs. Through multiple advanced features, the Barracuda Web Application Firewall can help organizations easily become PCI DSS compliant.
Yes, the Barracuda Web Application Firewall is designed to easily fit into any existing data center environment and to rapidly secure and accelerate new and existing Web applications. Barracuda Networks offers the most flexible array of Barracuda Web Application Firewall deployment options, including both Bridge-path and Route-path.
One of our representatives can help evaluate your network environment and Web usage needs to help determine which model(s) is the best fit for your company. You can also check out the Help Me Choose page, and if you have more questions Contact Us.