
Barracuda Web Application Controller Features

Security has typically been considered a network issue, where system administrators lock down host computers through a network firewall. Though a typical network firewall can help restrict traffic to HTTP, HTTPS and FTP, this traffic can also carry exploit commands that leverage vulnerabilities in the Web application itself. The result can be unauthorized access, data leakage, site defacement and other attacks by hackers that compromise both the privacy and integrity of vital data. Businesses of all sizes that operate their own Web applications should ensure that their Web sites are protected against application vulnerabilities.

Barracuda Web Application Controllers, including both the Barracuda Web Application Firewall and Barracuda Application Gateway, provide complete protection of Web applications and are designed to enforce policies for both internal and external data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS). At the same time, the Barracuda Application Gateway features a number of additional traffic management capabilities designed to improve the performance, scalability and manageability of today's most demanding data center infrastructures.

Extensive Website Protection

Barracuda Web Application Controllers proxy all of your Web site traffic, providing complete protection in front of your Web sites. Capabilities include:

  • HTTP protocol compliance.
    At a basic level, Barracuda Web Application Controllers verify that all inbound requests comply with the HTTP specification. For example, inbound requests with more than one Content-Length header are typically the basis of HTTP request smuggling attacks; therefore they are illegal according to the HTTP specification and are blocked automatically.
  • Protection against common, high-visibility attacks.
    Hackers can take advantage of vulnerabilities in your online Web forms to attack your applications. Barracuda Web Application Controllers protect your Web applications against SQL injections, OS command injections and cross-site scripting attacks.
  • Protection against attacks based on session state.
    Barracuda Web Application Controllers protect your Web applications against any attacks based on session state, such as forms tampering or cookie tampering.
  • Online form field validation.
    Through a positive security model, Barracuda Web Application Controllers can ensure that requests conform with a developer's intention. For example, if a developer specifies that a field should contain 40 characters of text input, any attempt by an attacker to inject a Trojan or a virus will be rejected outright because it does not conform to that input pattern.
  • Outbound data theft protection.
    In addition to inspecting the request traffic, Barracuda Web Application Controllers also inspect all outbound packets for any data pattern expressible as a UNIX-style regular expression. Built-in policies protect all major credit cards and US Social Security number patterns and new data patterns can be added at any time. Inspection for outbound leakage of these patterns can be applied to security policy on-the-fly.
  • Web site cloaking.
    To prevent hackers from doing reconnaissance on your Web infrastructure, Barracuda Web Application Controllers automatically strip identifying banners of Web server software and version numbers out of all transactions.
  • Anti-crawling.
    While some Web crawlers, such as search engines, are often desirable, you may wish to prevent all other users from downloading your entire site. Barracuda Web Application Controllers can easily identify and allow legitimate crawlers while blocking more malicious ones.
  • Rate controls and application denial of service (DoS) protection.
    You can specify a performance cap for your application, above which traffic is queued. Rate controls ensure that applications are not pushed beyond their performance limits, preventing application-layer DoS.
  • Advanced learning modes and fine-grained control.
    Barracuda Web Application Controllers feature automatic "profiling" of Web sites based on traffic passing through the system as well as automatic fine-grain rules creation based on both HTTP requests and responses down to the level of individual HTML elements.

Protection of XML Web Services

Barracuda Web Application Controllers provide the capability to secure both traditional HTML Web applications and new XML Web services applications. Available as an option to the Barracuda Web Application Controller, the Web Services Security Edition enables a strong new layer of defense to deploy SOAP applications across the perimeter, all without requiring administrators to learn all the details of XML or Web services.

  • Protection against targeted XML attacks.
    Analogous to the protections offered for traditional HTML Web Applications, Barracuda Web Application Controllers also protect Web services applications from targeted XML attacks, including SQL injection, command injection, buffer overflow and parameter tampering.
  • Validation of XML schema, SOAP envelopes and XML content.
    To ensure full compliance to Web services protocols and specifications governing their use, Barracuda Web Application Controllers validate XML schemas, SOAP envelopes, headers and message content. Barracuda Web Application Controllers conduct full XML content inspection looking for policy violations such as oversized messages, unexpected field values and inappropriate external references.
  • WS-I profile validation.
    Barracuda Web Application Controllers ensure that all Web services transactions conform to extensive WS-I basic profile requirements for security and interoperability.
  • Web services cloaking.
    By masking the true URI of mission critical Web services, Barracuda Web Application Controllers make them more difficult for hackers to target.
  • Protection against XML denial of service (DoS) attacks.
    Barracuda Web Application Controllers protect against XML DoS attacks, such as coercive parsing, external entity attacks, jumbo payloads and recursive elements attacks.
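
The XML DoS protections listed above (jumbo payloads, deeply nested elements, external entities) amount to policy limits enforced while the message is parsed. The following added example shows one way to screen a message with Python's expat bindings; it is not Barracuda code, and the limits, the `screen_xml` name and the sample messages are assumptions constructed for illustration.

```python
from xml.parsers import expat

# Assumed policy limits for illustration, not Barracuda defaults.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 10_000

# Constructed sample messages.
SOAP_OK = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
           b'<soap:Body><getQuote><symbol>ABC</symbol></getQuote></soap:Body>'
           b'</soap:Envelope>')
WITH_DTD = (b'<!DOCTYPE Envelope [<!ENTITY ext SYSTEM "http://example.invalid/x">]>'
            b'<Envelope>&ext;</Envelope>')
DEEP = b"<a>" * 40 + b"</a>" * 40

class PolicyViolation(Exception):
    pass

def screen_xml(payload):
    """Return None if the message passes, else the violated policy as a string."""
    if len(payload) > MAX_BYTES:                 # jumbo payload
        return "oversized message"
    state = {"depth": 0, "count": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Refusing any DTD removes both entity expansion and external references.
        raise PolicyViolation("DTD not allowed")

    def on_start(name, attrs):
        state["depth"] += 1
        state["count"] += 1
        if state["depth"] > MAX_DEPTH:           # recursive / coercive nesting
            raise PolicyViolation("nesting too deep")
        if state["count"] > MAX_ELEMENTS:
            raise PolicyViolation("too many elements")

    def on_end(name):
        state["depth"] -= 1

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(payload, True)              # handlers abort by raising
    except PolicyViolation as exc:
        return str(exc)
    except expat.ExpatError:
        return "not well-formed XML"
    return None
```

Because the limits are checked inside the streaming handlers, a hostile message is rejected as soon as it crosses a limit instead of after the whole document tree has been built in memory.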

Application Access Control

The Barracuda Web Application Controller implements a single point for policy enforcement and control, including authentication to ensure that users are known, access control policy for resources, session monitoring, protection against data leakage and integration with existing authentication, authorization and access control (AAA) systems. Capabilities include:

  • Simple single sign-on (SSO) portal.
    By combining built-in authentication and authorization capabilities with Web address translation and cookie session management features, administrators utilize the Barracuda Web Application Controller to present a simple front-end portal to back-end applications without requiring changes to source code, IP addressing or the server infrastructure. Authentications are logged and user credentials are forwarded in the HTML header making integration with back-end applications simple and scalable.
  • LDAP and RADIUS integration.
    For authentication and authorization, Barracuda Web Application Controllers integrate with common authentication services, including Active Directory and other LDAP-compatible directories as well as RADIUS servers.
  • PKI support.
    Barracuda Web Application Controllers provide full PKI infrastructure and can act as a Certificate Authority, including participating in a certificate trust chain.
  • Web access management:
    • Policy Enforcement Point (PEP) for CA SiteMinder.
      For organizations utilizing CA SiteMinder for Web access management, Barracuda Web Application Controllers offer full-scale integration that encompasses authentication, authorization and single sign-on capabilities in single domain and multi-domain environments, along with performance enhancements. The Barracuda Web Application Controllers serve as the single high-performance Policy Enforcement Point (PEP), allowing CA SiteMinder to focus on its role as the Policy Decision Point (PDP).
    • RSA Access Manager.
      Barracuda Web Application Controllers can be integrated with RSA Access Manager for Web access management. The integrated system provides a high performance setup for application layer security along with authentication, authorization and single sign-on capabilities in single domain and multi-domain environments.

Application Delivery and Acceleration

In addition to the security and access control benefits of Barracuda Web Application Controllers, there are also additional operational capabilities available with the Barracuda Application Gateway. Capabilities include:

  • Caching.
    The Barracuda Application Gateway can reduce load on back-end Web servers and increase performance by caching Web content and avoiding repeated requests to back-end Web servers.
  • Compression.
    To reduce network traffic requirements, the Barracuda Application Gateway can automatically apply GZIP compression to renderable HTML content to be decompressed by the browser.
  • Connection pooling.
    To reduce back-end server overhead for maintaining new TCP connections, the Barracuda Application Gateway can automatically pool multiple front-end connections into a single back-end connection. Connection pooling keeps the back-end servers focused on processing application logic rather than protocol termination.
  • SSL acceleration.
    Barracuda Web Application Controllers include hardware-based SSL Acceleration, offloading back-end servers from the computational burdens of encrypting and decrypting secure Web traffic.
  • Load balancing.
    The Barracuda Application Gateway includes integrated load balancing capabilities to distribute traffic among multiple back-end servers. It supports both Layer 4 and Layer 7 cookie persistence and includes support for Layer 7 content switching based on URL pattern, parameter or HTTP header fields.
  • High Availability.
    When inline in Bridge-path, the Ethernet Hard Bypass ensures reliable application delivery even with a single Barracuda Web Application Controller. For Web applications with stringent security requirements, Barracuda Web Application Controllers may be installed in a redundant pair configuration, providing real-time application state replication so that security and user sessions will not be compromised during a failover event.

Logging, Monitoring and Reporting

Barracuda Web Application Controllers feature advanced capabilities to provide immediate feedback to operations teams that deploy, manage and secure mission critical applications. Capabilities include:

  • Comprehensive logging.
    Barracuda Web Application Controllers maintain a rich set of logs on the appliance, including system activity, Web Firewall activity, Web services activity, network firewall activity, and traditional Web logs.
  • Tamper-proof log storage.
    Any log can be time-stamped, digitally signed and encrypted to ensure tamper proof storage.
  • Syslog support.
    Barracuda Web Application Controllers forward logs to a syslog server for centralized and persistent storage or analysis by a third party tool.
  • Integration with eIQ Network Security Analyzer.
    Barracuda Web Application Controllers integrate with eIQ Network Security Analyzer (available separately) for comprehensive event correlation, event alerting and reporting.