Barracuda Link Balancer Now Offers Additional Tools for Bandwidth Management

August 3rd, 2010

Posted by:  Sanjay Ramnath, product manager

Business-critical applications like ERP, CRM, or VoIP require uninterrupted, scalable Internet connections, a need that is not met by increasing bandwidth alone. As the use of Web applications becomes more prevalent in today’s workplace, organizations have to provide sufficient, cost-effective bandwidth for business-critical applications.

To help our customers face these challenges, Barracuda Link Balancer now provides administrators with an enhanced set of tools to automatically route and prioritize critical Internet applications. Business critical applications can be routed with higher priority over high-speed Internet links while less critical applications can be routed with lower priority over lower speed links. Administrators can also configure bandwidth guarantees and limits as well as define rules to resolve bandwidth contention. This allows organizations to provide access to essential Web applications while ensuring that casual Web surfing or non-work-related Web usage does not interfere with business operations. These new features are now available with Barracuda Link Balancer firmware 2.1.

In addition to bandwidth management, the Barracuda Link Balancer provides transparent link failover, traffic load balancing, inbound link balancing and site-to-site VPN capabilities that make it an affordable and powerful solution for routing and managing traffic across multiple Internet connections. Designed to scale for high bandwidth requirements and provide business continuity for organizations of any size, the Barracuda Link Balancer optimizes the use of multiple Internet links, such as T1s, T3s, DSL and cable connections from one or multiple ISPs. Capable of automatic failover in the event of link failure, the Barracuda Link Balancer helps ensure that your network is always connected to the Internet.

The Barracuda Link Balancer is available in three models capable of supporting up to seven Internet links. Pricing starts at $1,499.  International pricing and availability varies based on region.


Barracuda Web Application Firewall: Security Information and Event Management (SIEM) Integration

July 20th, 2010

Posted by:  Oliver Wai, product marketing manager

Today, we announced a Barracuda Web Application Firewall integration with popular security information and event management (SIEM) systems. Used by organizations to aggregate security events and log data across multiple vendors and applications, SIEM products help organizations detect security incidents and monitor server health in real-time. 

We’re seeing these capabilities become increasingly important as organizations begin to integrate their Web Application security posture into their overall security management framework. Our customers have already integrated their Barracuda Web Application Firewall with a number of popular commercial SIEM implementations, including RSA enVision, Symantec SIEM, eIQ Networks SecureVue and TriGeo SIM through the use of syslog. This allows them to monitor application threats as they occur and also to build detailed reports for compliance purposes.

Also, with new firmware release 7.4, we have added enhancements to our syslog capabilities, including the ability to export our syslogs to custom formats and the ability to send logs to multiple servers for aggregation and analysis. This enables customers to integrate their Barracuda Web Application Firewall with almost any commercial SIEM system. The whole process of integration is pretty straightforward. In the Advanced -> Export Logs screen, you can specify the exact formats in the Logs Format section.

In addition to the SIEM integration, today we also announced new integration features for the Barracuda Web Application Firewall that extend centralization of front-end access controls, simplify management of production Web applications, and bolster overall security for enterprise networks and assets. The new features enhance centralized access controls by offering integration with two major front-end access control systems for identity management and multi-factor authentication: RSA SecurID® and CA SiteMinder®.

Additional Barracuda Web Application Firewall syslog information is available in the Documentation section on our Web site.  Of course, if you need help integrating the Barracuda Web Application Firewall into your own SIEM solution, don’t hesitate to contact us at support@barracuda.com.


Barracuda Networks Launches Barracuda NG Firewall F400; Expands Product Feature Set

June 29th, 2010

Posted by:  Oliver Braekow, product marketing manager

Barracuda Networks today launched the Barracuda NG Firewall  F400,  designed for deployment in regional offices or medium-sized headquarters locations that require high throughput and Layer 7 application profiling.  The Barracuda NG Firewall F400 features 1.2 Gbps firewall throughput, 1 Gbps Layer 7 application profiling and  420 Mbps VPN throughput.

Barracuda NG Firewall features simple configuration via the user interface

In addition, the full Barracuda NG Firewall line now provides Layer 7 application profiling for more than 800 applications, ensuring that every Barracuda NG Firewall can effectively and dependably report, throttle or block unwanted Web 2.0 traffic while prioritizing business-critical application throughput.

The Barracuda NG Firewall line now features a new user interface that simplifies configuration and provides more drill-down menus for status and troubleshooting. Existing firewall and uplink balancing capabilities are now augmented with packet-based balancing of VPN tunnels to improve performance and reliability when used with multiple uplinks. This enables the Barracuda NG Firewall to deliver reliable WAN connectivity by aggregating traditional WAN leased lines with inexpensive Internet links and wireless 3G support.

The latest features are immediately available in all Barracuda NG Firewall models as part of  firmware 4.2.11.  The Barracuda NG Firewall F400 is available immediately and is priced at $5,999 and includes protection for an unlimited number of IPs, VPN clients and site-to-site VPN tunnels.   

For more information, please visit: http://www.barracudanetworks.com/ng.


How to Prevent Clickjacking Attacks

June 16th, 2010

Posted by:  Oliver Wai, product marketing manager

This is part two of a two-part post on how Web site clickjacking attacks work, and how to prevent them.

Unlike other common Web vulnerabilities, clickjacking is not a consequence of a bug in a Web application.  Instead, clickjacking exploits the way browsers use HTML/CSS/JavaScript to render pages. It affects all of the major browser platforms including Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari.

Why does this Matter?

While the Facebook attack shown in our previous blog entry is more of a nuisance, it still illustrates the potential danger of clickjacking within the context of social networks. This attack demonstrates how a smart attacker can use social channels to spread malware by spoofing trusted users within the social group. More importantly, attacks of this sort can quickly morph into more serious attacks when combined with more sophisticated techniques such as a Cross-Site Request Forgery (CSRF) attack  or password stealing Trojans. Imagine if an attacker injects a clickjacking script onto a legitimate Web site that tricks the user into submitting a forged request. Because the action is generated by the victim during a valid session, it is extremely difficult for the application to detect that the request was spoofed.

Clickjacking Prevention Must Start at the Client Browser

The key solution to preventing clickjacking is to improve Web browser functionality to detect and defend against hidden iFrames and malicious JavaScript. The main browser platforms have already begun to add clickjacking prevention:

  • Mozilla Firefox has a NoScript Add-On that helps prevent scripting from untrusted domains.
  • Microsoft IE, Apple Safari, and Google Chrome have implemented a check for an HTTP header, X-FRAME-OPTIONS, that allows the host application to specify whether it allows framing.

While these are a step in the right direction, it will take some time before they solve clickjacking problems, due to slow adoption and/or patching by developers and the general public.
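The header check in the second bullet can be audited from the server side. The following is an added example, not code from the original post or from any Barracuda product: it classifies a response's anti-framing headers, and goes beyond the post by also reading the later Content-Security-Policy `frame-ancestors` directive. The function names and the sample responses are constructed for illustration.

```python
# Added example (not from the original post): classify anti-framing headers.

OPEN_SOURCES = {"*", "http:", "https:"}  # source expressions that match any origin


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP value, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Classify (name, value) response header pairs as (verdict, reason)."""
    csp_lists, xfo = [], set()
    for name, value in headers:
        key = name.strip().lower()  # header names are case-insensitive
        if key == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is not None:
                csp_lists.append(sources)
        elif key == "x-frame-options":
            xfo.update(t.strip().upper() for t in value.split(",") if t.strip())

    # Where a browser implements frame-ancestors it is used instead of
    # X-Frame-Options, and every policy carrying it must permit the framing.
    if csp_lists:
        if any(s == ["'none'"] for s in csp_lists):
            return ("protected", "frame-ancestors 'none'")
        if all(OPEN_SOURCES & set(s) for s in csp_lists):
            return ("unprotected", "frame-ancestors allows any origin")
        return ("restricted", "frame-ancestors limits framing to listed origins")

    if not xfo:
        return ("unprotected", "no anti-framing header")
    if len(xfo) > 1:
        return ("misconfigured", "conflicting X-Frame-Options values")
    token = next(iter(xfo))
    if token == "DENY":
        return ("protected", "X-Frame-Options: DENY")
    if token == "SAMEORIGIN":
        return ("restricted", "X-Frame-Options: SAMEORIGIN")
    if token.startswith("ALLOW-FROM"):
        # Obsolete value that current browsers do not honour.
        return ("misconfigured", "ALLOW-FROM is obsolete")
    return ("misconfigured", "unrecognised value " + token)


# Constructed sample responses, not captured traffic.
SAMPLES = {
    "deny": [("X-Frame-Options", "DENY")],
    "sameorigin": [("x-frame-options", " sameorigin ")],
    "none": [("Content-Type", "text/html")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp-wins": [
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
        ("X-Frame-Options", "ALLOWALL"),
    ],
    "csp-open": [("Content-Security-Policy", "frame-ancestors *")],
}


def audit(samples=SAMPLES):
    """Return {sample name: verdict} for every sample response."""
    return {name: framing_policy(hdrs)[0] for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, framing_policy(hdrs))
```

A response that returns "unprotected" or "misconfigured" for a page with state-changing buttons is the one to fix first.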

Server-Side Solutions that Can Limit the Risk of Clickjacking

Until all browsers fix clickjacking vulnerabilities, organizations need to focus on prevention and mitigation. Several steps can be taken to prevent clickjacking:

1. Install a Spam & Virus Firewall

Clickjacking starts by tricking users into visiting compromised sites. One major vector of attack is through spam or spoofed emails. Blocking spam is key to stopping clickjacking at the source.

2. Filter Web Traffic and Block Malicious Sites

Web Filters can block users from accessing dangerous sites that may contain clickjacking techniques.

3. Protect your Web Applications from Clickjacking Scripts

Web Application Firewalls can scrub all content for malicious scripts and deny attackers from injecting clickjacking scripts onto your Web site.

4. Protect your Web Application Forms

Web Application Firewalls can inject Nonce (tokens) into HTTP forms to limit exposure from unsolicited form updates launched by clickjacking attempts. Application Firewalls can also validate form parameter inputs to prevent malicious input from being sent to the Web Servers.

5. Periodically Log-out Users

Web applications that keep users logged in (like Facebook) are vulnerable to forged requests launched by clickjacking. Users should be periodically logged out to limit chances for exposure.
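The form-token idea in step 4, as an added example that is not from the original post and does not show how the Barracuda Web Application Firewall implements it: a hidden field carrying an HMAC token bound to the session, the form's action and an issue time, so a submission without a token issued for that session and form is rejected. The field name, key handling, lifetime and sample page are assumptions.

```python
# Added example (not from the original post): session-bound form tokens.
import hashlib
import hmac
import re
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment key kept server-side
MAX_AGE = 900                     # assumption: tokens are valid for 15 minutes
FIELD = "form_token"              # hypothetical hidden field name

FORM_RE = re.compile(r"<form\b[^>]*>", re.IGNORECASE)
ACTION_RE = re.compile(r"action\s*=\s*[\"']([^\"']*)[\"']", re.IGNORECASE)


def _mac(session_id, action, issued, rand):
    # Assumes session ids and actions contain no newline, so the join is unambiguous.
    msg = "\n".join([session_id, action, str(issued), rand]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Create a token tied to one session and one form action."""
    issued = int(time.time() if now is None else now)
    rand = secrets.token_hex(8)
    return f"{issued}.{rand}.{_mac(session_id, action, issued, rand)}"


def verify_token(token, session_id, action, now=None):
    """Accept only an unexpired token issued for this session and action."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, rand, mac = token.split(".")
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    if not 0 <= now - issued <= MAX_AGE:
        return False  # expired, or issued in the future
    expected = _mac(session_id, action, issued, rand)
    # Constant-time comparison on bytes; str inputs may be non-ASCII.
    return hmac.compare_digest(mac.encode(), expected.encode())


def inject_tokens(html, session_id, now=None):
    """Add a hidden token field after every <form> tag in an outgoing page."""
    def add_field(match):
        tag = match.group(0)
        found = ACTION_RE.search(tag)
        action = found.group(1) if found else ""
        token = issue_token(session_id, action, now)
        return f'{tag}<input type="hidden" name="{FIELD}" value="{token}">'
    return FORM_RE.sub(add_field, html)


# Constructed sample page.
SAMPLE_PAGE = '<form method="post" action="/profile/email"><input name="email"></form>'

if __name__ == "__main__":
    page = inject_tokens(SAMPLE_PAGE, "sess-A")
    token = page.split('value="')[1].split('"')[0]
    print(page)
    print("same session:", verify_token(token, "sess-A", "/profile/email"))
    print("other session:", verify_token(token, "sess-B", "/profile/email"))
```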

Outlook

Clickjacking is a challenging client-side vulnerability that needs to be solved by the Web browser platforms. The major Web platform vendors are already working on clickjacking solutions, and organizations must ensure that their users are installing the latest patches as they are released. Finally, organizations can limit the scope of damage and windows of opportunity for clickjacking to take place by applying preventative countermeasures through the use of Web Application Firewalls, Spam & Virus Firewalls, and/or Web Filters.


Anatomy of a Clickjacking Attack

June 14th, 2010

Posted by:  Oliver Wai, product marketing manager

This is part one of a two-part post on how Web site clickjacking attacks work, and how to prevent them.

The success of Facebook clickjacking is due in large part to the social nature of the Web site. A Facebook user is MUCH more likely to click on a particular link if he or she believes that the link was posted by a friend. Unfortunately, attackers also understand this dynamic and as a result, they are using Facebook as a new vector to deliver attacks.

What is Clickjacking?

Clickjacking (aka user interface (UI) redressing) is an attack where an attacker has injected malicious content onto a compromised page (Web site A) to trick the user into clicking on a link or button from another domain (Web site B). Typically the attack is set up by the creation of an invisible or disguised iFrame on Web site A that points to a UI button on Web site B. The button could be used to launch a forged cross-site request, to download malware, or for any other malicious activity.

How does this Apply to Facebook?

In the recent Facebook Clickjacking attacks, an attacker sets off a variant of a Facebook worm that sends users to a clickjacked Web page that exploits Facebook’s “Like” infrastructure. This is accomplished through a series of well-designed steps:

1. Find the Victims.

The attacker likely created a spam email, banner ad or some other type of bait to trick people into clicking the malware. The bait could be a spoofed link to pornography, free products, celebrity gossip, or any other enticements. For our example, let’s assume the bait is an email with a link that says “Check this New Video of a Dancing Bear!”

2. Clickjack the Victims’ Facebook Accounts.

Once the victim clicks on the malware link, the bait will take the user to an intermediary page displaying a warning that asks the user to “Click to continue” or “Verify that you are at least 18 years old” to view. This is where the clickjacking occurs. On this page there is an invisible iFrame that uses JavaScript to silently follow the user’s mouse icon. No matter where the user clicks on the page, the victim will end up clicking on the hidden iFrame that launches a clickjacking attack on the user’s Facebook page.

3. Spread to the Victims’ Social Networks.

Because most users are permanently logged into Facebook, if the user clicks anywhere on the clickjacked page, a link is published on the victim’s profile, the same link used to lure the original victim of the attack:

“Check this New Video of a Dancing Bear!”

This appears on the Facebook News Feeds of all of the user’s contacts. If any of the victim’s friends on Facebook click the link, they are also sent to the clickjacked page. If the new victim clicks anywhere on the page, a “Like” link would be added to their Facebook profile, starting the cycle again.

Check out part two of this post on how to prevent a clickjacking attack.


Barracuda Web Application Firewall: Power of Extended Match

April 29th, 2010

Posted by:  Anshuman Singh, product manager

The Barracuda Web Application Firewall features a flexible rule-matching engine which gives administrators the flexibility to create rules for handling and manipulating traffic. Different modules of the Barracuda Web Application Firewall rely on the rule-matching engine to perform different operations, such as: 

Application delivery

  • Send Web requests coming in from a specific IP network to a defined set of servers.
  • Send traffic from mobile phones or other devices to a designated set of servers while simultaneously directing traffic from desktop or laptop browsers to other servers.
  • Ensure that search engine bots that access the Web site for indexing are directed to only one server, avoiding unnecessary load on the remainder of the servers.
  • Cache static data or compress responses from a portion of the Web site.
  • Translate URLs, or add/modify/delete headers of the incoming requests and/or outgoing responses.

Security

Administrators can block, allow or process incoming requests from clients based on different rules.  Examples:

  • Blacklist known bad headers
  • Block a given set of Client IPs
  • Apply rate control based on user agent
  • Allow only Google / Yahoo / Microsoft search engine bots to access the Web site

Authentication and Authorization

Authentication may be required for only one part of the Web site but there are times when administrators want to allow access to only a portion of the Web site after ensuring that the user has the correct browser versions. This can be handled via the rule matching engine.

Composite features

There are some capabilities which are exposed as composite features so that the capability is available right out of the box.  These features include:

  • Instant SSL: Enables administrators to quickly deploy an HTTP application as an HTTPS application.  This feature has two important aspects:
    1. Ability to redirect all incoming HTTP requests to an HTTPS service so that old bookmarked HTTP URLs can be redirected to the HTTPS service.
    2. Ability to rewrite all the URL in the response from http:// to https://.  This helps the administrator eliminate the need to scan the code and manually change all hard-coded links from http:// to https://.
  • Cookie security: As many applications manage their state by setting session data in the cookie, it becomes important to ensure that the cookies cannot be tampered with on the client side. The Cookie security module can digitally sign or encrypt the cookies going out. In addition, the WAF has a set of other security measures to provide protection against cookie replay type of threats.
  • Data theft protection: The Barracuda Web Application Firewall’s data theft module can be utilized to scan all outgoing responses for sensitive information such as credit card numbers or social security numbers.  In addition, these rules can be applied to specific parts of the Web application – such as personal identification numbers, phone numbers or important dates.

We encourage Barracuda Web Application Firewall customers to try these rules or share their own unique rule sets in the comments section below, or with the larger Barracuda Web Application Firewall Community at http://forum.barracudanetworks.com.


Todd County School District Improves Web Access for Students and Staff with Barracuda Link Balancer

April 20th, 2010

Posted by:  Sanjay Ramnath, product manager

Located in South Dakota, Todd County School District is made up of 11 schools with more than 2,000 K-12 grade students, six office locations and approximately 550 staff members.  The district maintains critical online services such as email, Web sites, video conferencing, technology blogs, and an online help desk as well as an online portal for parents to check their child’s school attendance, grades, class assignments and more.  The district had been experiencing Web access issues due to bandwidth limitations on its single 10 Mbps T1 connection.

After deploying the Barracuda Link Balancer 430, network administrators immediately determined that a wireless access point was causing problems and isolated it to one wireless unit range rather than multiple locations.  Todd County School District now balances traffic across two T1 connections to guarantee bandwidth for audio and video services such as streaming media, a Polycom Bridge unit for video conferencing and other services such as email and blogs. 

 The Barracuda Link Balancer is available in three models and is an affordable and powerful solution for routing and managing traffic across multiple Internet connections, capable of handling up to six WAN links.  The Barracuda Link Balancer combines bandwidth of multiple high speed connections while automatic failover ensures reliable connectivity to any of the available Internet links.  The Barracuda Link Balancer automatically detects failure and service restoration for Internet connections. 

Todd County School District is just one of many satisfied Barracuda Link Balancer customers.  For more information, or to read the complete case study, please visit http://www.barracudanetworks.com/link.  


Barracuda Networks Launches Barracuda Backup Server 990

April 8th, 2010

Posted by:  Andy Jensen, product marketing manager

Barracuda Networks today launched the Barracuda Backup Server 990 with 24 terabytes of internal storage, making it the ideal on-premises solution for organizations requiring local backup for large volumes of data.  Now available in six models and combined with the Barracuda Backup Subscription to provide offsite backup storage in the cloud, the Barracuda Backup Service is the most complete backup and disaster recovery solution available for organizations today. 

The Barracuda Backup Service firmware 3.0 features more efficient backup transfer methods by better utilizing the available bandwidth between the backup server and the cloud.  The Barracuda Backup Service now provides new data deduplication functionality for Windows server backups.

The Barracuda Backup Service now offers full open file backup support which allows administrators to back up files that have been locked by the operating system for improved data protection.  The Barracuda Backup Service also increases the efficiency of the local network by starting the deduplication process at the agent, eliminating the need to send as much network traffic across the local network.

Formerly restricted to Windows system support for Windows Server 2003 and 2008, upgrades to the  Barracuda Backup Agent software now support Windows 7 and provide full system backup and restore.

The Barracuda Backup Server 890 is increasing in capacity from six terabytes of storage to eight and the Barracuda Backup Server 690 is increasing in capacity from three terabytes of storage to four.

Barracuda Backup Service firmware 3.0 is immediately available to current and future Barracuda Backup Service customers. Barracuda Backup Service pricing includes a one-time hardware fee for the Barracuda Backup Server and a monthly fee for offsite storage. Barracuda Backup Server pricing ranges from $999 for the model 190 to $44,999 for the new model 990. Offsite storage plans are priced at $50 per month for every 100 GB of offsite backup storage with no overage fees, no agent fees and no per server fees. For more information, please visit: http://www.barracudanetworks.com/backup.


Web Filtering for Schools: Finding the Right Balance

April 5th, 2010

Posted by:  Sanjay Ramnath, product manager

With a combination of powerful features, ease-of-use and affordability, the Barracuda Web Filter and Barracuda Purewire Web Security Service are ideal solutions for educational institutions to secure their networks and provide a safe and productive Web access environment.   There are a number of key considerations that school administrators and IT staff must take into account when determining how the Web can be effectively used as a tool in schools – at all levels –  for research, learning, creativity and many other positive outlets while ensuring policy enforcement and protection against harmful content.  These challenges can include:

  • Malware: This threat vector is even more relevant in the context of a user base, such as students, that tends to have unpredictable browsing habits. In fact, Barracuda Networks’ studies indicate that students are more likely to visit compromised Web sites than any other group of users.
  • Criminal Activity:  Children can inadvertently identify themselves to malicious or criminal users through chat rooms, instant messaging (IM), social networking sites or other avenues, thereby making them vulnerable to cyber-bullying or online stalking tactics. This form of cybercrime is a very unpleasant reality today and is a major concern for parents and administrators.
  • Anonymous Proxies: As students become more technically savvy, they inevitably seek ways to circumvent restrictions to online content. Anonymous proxies aid this by providing Web sites or applications that are designed to avoid Web filtering policies by obfuscating user identity. Widespread use of these applications will expose an educational institution to all the risks inherent to an unfiltered, unmanaged IT infrastructure.
  • And more…    

A new whitepaper available from Barracuda Networks, “Providing Safe Web Access in Educational Institutions”, takes a deeper look at each of these considerations and can help educational institutions to navigate the requirements of providing access to the best available educational resources while ensuring Internet safety.


Three Security Considerations for 2010

March 30th, 2010

Posted by:  Steve Pao, vice president of product management

1.  The Web is everywhere.  Protect it.
Content security is evolving beyond the perimeter.   While most organizations tend to deploy Internet-facing email servers, Web servers or even IM servers in just a few locations, most allow ad hoc Web browsing access from all locations.   In addition, use of laptops at home or on the road opens up yet another threat vector.  The dispersed nature of protection calls for a hybrid approach — on-premises gateway protection at larger locations with fixed desktops and cloud protection for smaller offices and mobile workers.

2.  Web application security has evolved.  Change with it.
While early Web Application Firewall solutions were deployed off to the side by sniffing through a span port, modern threats have required a fundamental change to deployment scenarios and the design of the network. Modern security approaches have imposed requirements for a full reverse proxy rather than a sniffer, in order to prevent session tampering, cross-site request forgery and even Web site reconnaissance, all of which require rewriting of traffic inline. In addition, modern DMZ architectures now bring together Web application security with other requirements such as load balancing, access control and acceleration. As such, Web Application Firewall solutions have evolved from point solutions in the network to a core component of the next generation DMZ architecture.

3.  Time for a Next Generation Firewall.
The old traditional layer 3/4 network firewall is essentially dead. As Web 2.0 applications tunnel traffic over HTTP or HTTPS and as peer-to-peer (P2P) applications continue to proliferate, traditional firewalls no longer serve the purpose of protecting either networks or users. Next generation firewalls must combine awareness of applications, users, content and context with network security. To combat modern threats, the next generation firewall must integrate multiple technologies, including Layer 7 application profiling, intrusion prevention, application proxies, content security and network access control. At the same time, organizations should also recognize that beyond a changing threat landscape, organizations are also thinking beyond the perimeter. The challenge ceases to be how big an individual firewall scales and becomes how to manage firewalls across multiple locations.

Barracuda Networks and its partners are engaging in active discussions on these topics and more.
