Web Application Firewall

Comprehensive Security for Critical Applications

A serious data breach often signals that one of your web applications has problems. Finding the vulnerability can be difficult, particularly with hundreds of lines of code to check.
Deployment options: Appliance, Virtual, Azure, AWS, vCloud Air.

Try It Free!

  • Risk-Free Evaluation
  • 30 Days to Try It Out

The Barracuda Web Application Firewall provides complete protection of Web applications and is designed to enforce policies for both internal and external data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS). At the same time, the Barracuda Web Application Firewall 460 and higher models feature a comprehensive set of application delivery capabilities designed to improve the performance, scalability and manageability of today's most demanding data center infrastructures.

Powerful, Complete Solution

  • Single point of protection for in/outbound traffic for all Web applications
  • Protects Web sites and Web applications against application layer attacks
  • Delivers best practices security right out of the box
  • Monitors traffic and provides reports about attackers and attack attempts
  • Protection against common attacks
  • Outbound data theft protection
  • Web site cloaking
  • Granular policies
  • Secure HTTP traffic
  • SSL Offloading
  • SSL Acceleration
  • Load Balancing

Comprehensive Web Site Protection

  • Cross Site Scripting (XSS)
  • SQL injection flaws
  • OS command injections
  • Site reconnaissance
  • Session hijacking
  • Application denial of service
  • Malicious probes/crawlers
  • Cookie/session tampering
  • Path traversal
  • Information leakage

Web Application Firewall Information

  • A Single Solution to a Multifaceted Problem

    Online Web-based applications are increasingly at risk from professional hackers who target such applications in order to commit data theft or fraud. Being compromised can damage an enterprise's reputation, result in loss of customers and impact the organization's bottom line.

    In addition, companies that transact online are faced with a host of growing industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all enterprise and Web applications handling credit card and account information must undergo an extensive and costly audit of custom application code. The alternative to satisfy PCI DSS compliance is simply installing a Web application firewall.

    The combination of these factors, along with banking industry PCI DSS compliance concerns, creates demand for a more technologically and cost-effective risk protection solution for online Web applications.

    Backed by the worldwide leader in email and Web security appliances, the Barracuda Web Application Firewall will continue to dominate the market by breaking technology barriers.

    Web Application Firewall PCI DSS Compliance

    The Barracuda Web Application Firewall helps organizations of all types that store, process and/or transmit credit card numbers comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. In response to increased identity theft incidents and security breaches, major credit card companies collaborated in Sept. 2006 to create the 12 procedural and system requirements, commonly known as PCI DSS version 1.1, to standardize how Primary Account Number (PAN) information is stored and accessed.

    Most immediate for today's merchants and organizations is the June 30, 2008 compliance deadline for Section 6.6 of the PCI DSS, which addresses the development and maintenance of secure systems and applications. Section 6.6 mandates that all enterprise and Web applications handling credit card and account information undergo an extensive audit of all custom application code, a process that is time consuming, labor intensive and costly to repeat with each change to the application code. The alternative for satisfying PCI DSS Section 6.6 is simply installing a Web application firewall.

    Barracuda Web Application Firewall PCI Deployment

    Payment Card Industry Data Security Standard (PCI DSS) Requirements

    The 12 PCI DSS requirements are organized into 6 main categories. To be fully compliant, an organization must satisfy all 12 requirements.

    • Maintain a Secure Network: Requirements 1 and 2
      • Install and maintain a firewall configuration to protect cardholder data
      • Do not use vendor-supplied defaults for system passwords and other security parameters
    • Protect Cardholder Data: Requirements 3 and 4
      • Protect stored cardholder data
      • Encrypt transmission of cardholder data across open, public networks
    • Maintain a Vulnerability Management Program: Requirements 5 and 6
      • Use and regularly update anti-virus software
      • Develop and maintain secure systems and applications
    • Implement Strong Access Controls: Requirements 7, 8, and 9
      • Restrict access to cardholder data by business need-to-know
      • Assign a unique ID to each person with computer access
      • Restrict physical access to cardholder data
    • Regularly Monitor and Test Networks: Requirements 10 and 11
      • Track and monitor all access to network resources and cardholder data
      • Regularly test security systems and processes
    • Maintain an Information Security Policy: Requirement 12
      • Maintain a policy that addresses information security
    Source: PCI Security Standards version 1.1 - http://www.PCISecurityStandards.org.

    Barracuda Networks Enables PCI DSS Compliance

    The Barracuda Web Application Firewall is designed as an easy and cost-effective solution to achieve PCI DSS compliance. In addition to satisfying the time-sensitive need to install a Web application firewall into your network for PCI DSS Section 6.6 compliance, the Barracuda Web Application Firewall further ensures PCI DSS compliance with a host of other advanced technologies.

    The Barracuda Web Application Firewall enables PCI DSS compliance across major requirements:

    Requirement | Barracuda Web Application Firewall
    1 - Install a Firewall | Acts as a Web application firewall
    3 - Protect data | Proxies Web traffic and insulates Web servers from direct access by attackers
    4 - Encryption | Provides easy SSL encryption even if the application or server does not enable SSL
    6 - Protect Against Vulnerabilities | Blocks known and zero-day attacks as well as the industry-accepted top 10 Web application vulnerabilities for custom development, legacy and third-party applications
    7 - Restrict Access | Provides role-based administration to security policies
    10 - Track and Monitor Access | Logs and reports application access and security violations

    PCI DSS section 6.5 is perhaps the most significant set of detailed requirements as it addresses application vulnerability, including coding guidelines, such as those outlined by Open Web Application Security Project (OWASP). The Barracuda Web Application Firewall directly addresses each of the requirements in section 6.5.

    Requirement | Barracuda Web Application Firewall
    6.5.1 Unvalidated input (e.g., hidden field manipulation) | Validates incoming and outgoing session content against legitimate application behavior and usage
    6.5.2 Broken access control (e.g., malicious use of user IDs) | Prevents cookie tampering and corruption of an application's access control system
    6.5.3 Broken authentication and session management (e.g., cookie tampering, session hijacking) | Automatically encrypts session cookies and assigns unique session IDs to ensure secure user sessions
    6.5.4 Cross-site scripting (XSS) attacks | Inspects and verifies user input and incoming requests for any malicious code before forwarding it to backend servers
    6.5.5 Buffer overflows | Detects and prevents attempts via the header or input fields to exceed memory capacity
    6.5.6 Injection flaws (e.g., SQL injection) | Validates legitimacy of all Web requests and code accessing backend systems
    6.5.7 Improper error handling | Cloaks Web application infrastructure from hackers attempting to expose vulnerabilities in error responses and other messages
    6.5.8 Insecure storage | Filters and intercepts outbound traffic to prevent transmission of sensitive information, such as passwords, credit card numbers, account records or proprietary information
    6.5.9 Application denial of service (DoS) | Slows down access requests to the Web site if a violation is detected, preventing application DoS attacks
    6.5.10 Insecure configuration management | Proxies all inbound and outbound Web traffic to neutralize any configuration vulnerabilities
  • Web Application Firewall Model Specifications

    If you would like to speak to someone about which model is right for your organization, please do not hesitate to contact us.

    Physical Appliances

    Specification | Model 360 | Model 460 | Model 660 | Model 860 | Model 960
    Backend Servers Supported | 1-5 | 5-10 | 10-25 | 25-150 | 150-300
    Inbound Web Traffic (Mbps) | 25 | 50 | 100 | 600 | 900

    Hardware | 360 | 460 | 660 | 860 | 960
    Rackmount Chassis | 1U Mini | 1U Mini | 1U Full Size | 2U Full Size | 2U Full Size
    Dimensions (inches) | 16.8 x 1.7 x 14 | 16.8 x 1.7 x 14 | 16.8 x 1.7 x 22.6 | 17.4 x 3.5 x 25.5 | 17.4 x 3.5 x 25.5
    Dimensions (cm) | 42.7 x 4.3 x 35.6 | 42.7 x 4.3 x 35.6 | 42.7 x 4.3 x 57.4 | 44.2 x 8.9 x 64.8 | 44.2 x 8.9 x 64.8
    Weight (lbs) | 12 | 12 | 26 | 46 | 52
    Weight (kg) | 5.4 | 5.4 | 11.8 | 20.9 | 23.6
    Front Ethernet Ports | 1 x 10/100 | 2 x Gigabit | 2 x Gigabit | 2 x Gigabit | 2 x Gigabit
    Back Ethernet Ports | 1 x 10/100 | 1 x 10/100 | 1 x Gigabit | 1 x Gigabit | 1 x Gigabit
    ECC Memory | yes | yes | yes | - | -

    Features | 360 | 460 | 660 | 860 | 960
    Hardened and Secure OS | yes | yes | yes | yes | yes
    HTTP Protocol Validation | yes | yes | yes | yes | yes
    Protection Against Common Attacks | yes | yes | yes | yes | yes
    Form Field Meta Data Validation | yes | yes | yes | yes | yes
    Web Site Cloaking | yes | yes | yes | yes | yes
    Response Control | yes | yes | yes | yes | yes
    Outbound Data Theft Protection | yes | yes | yes | yes | yes
    Granular Policies to HTML Elements | yes | yes | yes | yes | yes
    Protocol Limit Checks | yes | yes | yes | yes | yes
    File Upload Control | yes | yes | yes | yes | yes
    Logging, Monitoring, Reporting | yes | yes | yes | yes | yes
    High Availability | yes | yes | yes | yes | yes
    SSL Offloading | yes | yes | yes | yes | yes
    Authentication & Authorization | yes | yes | yes | yes | yes
    LDAP/RADIUS Integration | yes | yes | yes | yes | yes
    Load Balancing | - | yes | yes | yes | yes
    Content Routing | - | yes | yes | yes | yes
    XML Firewall | - | - | yes | yes | yes
    Note: The capacity depends on environment and selected options.
    Virtual Appliances

    Features | 360 Vx | 460 Vx | 660 Vx
    Capacity
    Backend Servers | 1-5 | 5-10 | 150-300
    Inbound Web Traffic | 25 Mbps | 50 Mbps | 4 Gbps
    CPU Cores Allowed | 2 | 4 | 6
    Features
    HTTP/S, FTP Protocol Validation | yes | yes | yes
    Protection Against Common Attacks | yes | yes | yes
    Form Field Meta Validation | yes | yes | yes
    Bot Protection | yes | yes | yes
    Web Scraping Protection | yes | yes | yes
    Web Site Cloaking | yes | yes | yes
    JSON Protection | yes | yes | yes
    Response Control | yes | yes | yes
    Outbound Data Theft Protection | yes | yes | yes
    Granular Policies to HTML Elements | yes | yes | yes
    Protocol Limit Checks | yes | yes | yes
    File Upload Control | yes | yes | yes
    Logging, Monitoring and Reporting | yes | yes | yes
    High Availability | yes | yes | yes
    SSL Offloading | yes | yes | yes
    Authentication and Authorization | yes | yes | yes
    Vulnerability Scanner Integration | yes | yes | yes
    Rest API | yes | yes | yes
    LDAP/RADIUS | - | yes | yes
    Load Balancing | - | yes | yes
    Content Routing | - | yes | yes
    RSA SecurID | - | - | yes
    CA SiteMinder | - | - | yes
    XML Firewall | - | - | yes
    Adaptive Profiling | - | - | yes
    AV for File Uploads | - | - | yes
    URL Encryption | - | - | yes
    Azure

    Features | Level 1 | Level 5 | Level 10 | Level 15
    Capacity
    Container Size | A1 - Standard | A2 - Standard | A3 - Standard | A4 - Standard
    License Type | BYOL / Hourly | BYOL / Hourly | BYOL / Hourly | BYOL / Hourly
    Features
    HTTP/S, FTP Protocol Validation | yes | yes | yes | yes
    Protection Against Common Attacks | yes | yes | yes | yes
    Form Field Meta Validation | yes | yes | yes | yes
    Bot Protection | yes | yes | yes | yes
    Web Scraping Protection | yes | yes | yes | yes
    Web Site Cloaking | yes | yes | yes | yes
    JSON Protection | yes | yes | yes | yes
    Response Control | yes | yes | yes | yes
    Outbound Data Theft Protection | yes | yes | yes | yes
    Granular Policies to HTML Elements | yes | yes | yes | yes
    Protocol Limit Checks | yes | yes | yes | yes
    File Upload Control | yes | yes | yes | yes
    Logging, Monitoring and Reporting | yes | yes | yes | yes
    High Availability | yes | yes | yes | yes
    SSL Offloading | yes | yes | yes | yes
    Authentication and Authorization | yes | yes | yes | yes
    Vulnerability Scanner Integration | yes | yes | yes | yes
    Rest API | yes | yes | yes | yes
    LDAP/RADIUS | yes | yes | yes | yes
    Load Balancing | yes | yes | yes | yes
    Content Routing | yes | yes | yes | yes
    RSA SecurID | yes | yes | yes | yes
    CA SiteMinder | yes | yes | yes | yes
    XML Firewall | yes | yes | yes | yes
    Adaptive Profiling | yes | yes | yes | yes
    Antivirus for File Uploads | - | yes | yes | yes
    URL Encryption | yes | yes | yes | yes
    AWS

    Features | Level 1 | Level 5 | Level 10 | Level 15
    Capacity
    Container Size | m3.medium | m3.large | m3.xlarge | m3.2xlarge
    License Type | BYOL / Hourly | BYOL / Hourly | BYOL / Hourly | BYOL / Hourly
    Features
    HTTP/S, FTP Protocol Validation | yes | yes | yes | yes
    Protection Against Common Threats | yes | yes | yes | yes
    Form Field Meta Validation | yes | yes | yes | yes
    Bot Protection | yes | yes | yes | yes
    Web Scraping Protection | yes | yes | yes | yes
    Web Site Cloaking | yes | yes | yes | yes
    JSON Protection | yes | yes | yes | yes
    Response Control | yes | yes | yes | yes
    Outbound Data Theft Protection | yes | yes | yes | yes
    Granular Policies to HTML Elements | yes | yes | yes | yes
    Protocol Limit Checks | yes | yes | yes | yes
    File Upload Control | yes | yes | yes | yes
    Logging, Monitoring and Reporting | yes | yes | yes | yes
    High Availability | yes | yes | yes | yes
    SSL Offloading | yes | yes | yes | yes
    Authentication and Authorization | yes | yes | yes | yes
    Vulnerability Scanner Integration | yes | yes | yes | yes
    Rest API | yes | yes | yes | yes
    LDAP/RADIUS | yes | yes | yes | yes
    Load Balancing | yes | yes | yes | yes
    Content Routing | yes | yes | yes | yes
    RSA SecurID | yes | yes | yes | yes
    CA SiteMinder | yes | yes | yes | yes
    XML Firewall | yes | yes | yes | yes
    Adaptive Profiling | yes | yes | yes | yes
    Antivirus for File Uploads | - | yes | yes | yes
    URL Encryption | yes | yes | yes | yes
  • Web Application Firewall Documentation

    DataSheets

    Guides

  • What does the Barracuda Web Application Firewall do?

    The Barracuda Web Application Firewall protects your organization's web applications and websites from attackers who try to use protocol and application vulnerabilities to perform a denial of service (DDoS) attack, steal your data, or even deface your site. The WAF enforces the policies required to properly comply with data security standards such as PCI DSS. At the same time, the Barracuda Web Application Firewall accelerates the performance and availability of web applications through load balancing, integrated data compression, content caching and other features.

    Why do we need a Web Application Firewall?

    Incoming traffic can contain command line exploits that are intended to attack your websites and applications. HTTP and HTTPS traffic is designed to traverse network firewalls, so your applications can be exposed to these attacks. The Barracuda Web Application Firewall screens input to web applications to block the attacks that a network firewall must let pass.

    What are the main benefits?

    Effective security for your web applications, optimized reliability and delivery of those applications, and a simplified infrastructure are the three main benefits of the Barracuda Web Application Firewall.

    How does the Barracuda Web Application Firewall detect and block threats?

    By acting as a full proxy, the Web Application Firewall inspects request traffic to detect and block inbound attacks, and inspects response traffic to prevent loss of sensitive data such as credit card and Social Security numbers.

    Does the Barracuda Web Application Firewall help with PCI DSS compliance?

    In order to help your organization comply with PCI DSS, the Barracuda Web Application Firewall is complete with dedicated features for helping you store, process and/or transmit credit card numbers.

    How does the Barracuda Web Application Firewall protect against Denial of Service attacks?

    Many security features, such as Rate Control, Brute Force Protection, Bot Detection, Slow Client Attack Prevention and Client IP Reputation, are integrated into the Web Application Firewall to provide protection against DoS (Denial of Service) attacks.
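The full-proxy inspection described in the FAQ above (requests checked before they are forwarded, responses scanned before they leave) and the outbound data-theft filtering listed under PCI DSS 6.5.8 can be sketched in code. The following is an added illustration written for this page; it is not Barracuda's code or configuration, and the length thresholds, the traversal pattern, the card-number pattern and the sample backend reply are all constructed for the example.

```python
"""Minimal full-proxy style inspection, added for illustration only:
inbound checks run before a request is forwarded, outbound scrubbing
runs before a response is returned to the client."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Protocol limit checks; thresholds are assumptions chosen for this example.
MAX_URL_LEN = 2048
MAX_HEADER_VALUE_LEN = 4096

# Directory traversal in the URL, raw or percent-encoded (constructed pattern).
TRAVERSAL_RE = re.compile(r"(?:\.\.[/\\]|%2e%2e(?:%2f|%5c|/|\\))", re.IGNORECASE)

# Candidate card number: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


@dataclass
class Verdict:
    allowed: bool = True
    reasons: List[str] = field(default_factory=list)

    def block(self, reason: str) -> None:
        self.allowed = False
        self.reasons.append(reason)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so that ordinary long numbers (order ids, refs) are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def inspect_request(url: str, headers: Dict[str, str]) -> Verdict:
    """Inbound checks: nothing here has reached the backend yet."""
    v = Verdict()
    if len(url) > MAX_URL_LEN:
        v.block("url_length_exceeded")
    for name, value in headers.items():
        if len(value) > MAX_HEADER_VALUE_LEN:
            v.block(f"header_length_exceeded:{name}")
    if TRAVERSAL_RE.search(url):
        v.block("path_traversal")
    return v


def scrub_response(body: str) -> Tuple[str, int]:
    """Outbound check: mask Luhn-valid card numbers, keeping only the last four digits."""
    masked = 0

    def repl(m: re.Match) -> str:
        nonlocal masked
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)
        masked += 1
        return "*" * (len(digits) - 4) + digits[-4:]

    return PAN_RE.sub(repl, body), masked


def proxy(url: str, headers: Dict[str, str],
          backend: Callable[[str], Tuple[int, str]]) -> Tuple[int, str, Verdict]:
    """Full-proxy flow: a blocked request never reaches the backend; every
    backend response passes through the outbound scrubber."""
    verdict = inspect_request(url, headers)
    if not verdict.allowed:
        return 403, "Forbidden", verdict
    status, body = backend(url)
    body, masked = scrub_response(body)
    if masked:
        verdict.reasons.append(f"masked_card_numbers:{masked}")
    return status, body, verdict


def sample_backend(url: str) -> Tuple[int, str]:
    """Constructed stand-in for a protected application; the first number is a
    well-known Luhn-valid test card number, the second fails the checksum."""
    return 200, "Order 42 confirmed for card 4111 1111 1111 1111, ref 4111111111111112."


if __name__ == "__main__":
    print(proxy("/orders/42", {}, sample_backend))
    print(proxy("/static/../../secret.txt", {}, sample_backend))
```

Running the block shows the two inspection points: the clean order lookup reaches the backend and comes back with the Luhn-valid card number masked while the non-Luhn reference number is untouched, and the traversal attempt is refused with a 403 before the backend is ever called. A production WAF applies far richer signatures and positive-security profiles than this; the point of the sketch is the proxy position in the flow and the use of a checksum so that ordinary numeric data is not mistaken for cardholder data.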

Choosing Your Web Application Firewall is Easy

Our team of technical sales professionals can help you source the right Web Application Firewall for your organization, whether it is physical, virtual or in the cloud. The basic process is:

01. Select the unit that suits your organization's needs.
02. Pre-sales training and advice from our experts.
03. Physical units are delivered as soon as possible.
04. Installation advice and post-install training available.

Request a no-risk, free evaluation

Unsure of which solution is right for your organization? Perhaps you don't have a dedicated IT staff? Our technical sales specialists are very experienced at helping professionals of all experience levels get the solution they need.
