Barracuda Web Filter

Winner: Network Products Guide 2012 Awards

Wednesday, May 16th, 2012

By Oliver Wai, Product Marketing Manager

Last week, I had the honor of attending the 7th Annual Hot Companies & Best Products Awards event in Las Vegas where we won two awards. We were extremely pleased that Network Products Guide chose the Barracuda Spam & Virus Firewall Vx and the Barracuda Web Filter as the Best 2012 solutions for key IT challenges:

Best IT Products & Services for Education – Barracuda Web Filter

Barracuda has always been strong in the Education market and we’ve been working closely with our customers to design solutions to fit their unique challenges. Together we have developed new innovative features and capabilities such as:

  • YouTube for Schools Integration which gives teachers the ability to use a great selection of educational videos, while blocking offensive, inappropriate, or just plain wasteful YouTube content.
  • Social Media Regulation capabilities that allow teachers or administrators to granularly control and archive social media platforms like Facebook and Twitter.
  • Barracuda Safe Browser which allows administrators to ensure security on iPads or Android tablets regardless of where students are using them.

Best Email, Security & Management Award – Barracuda Spam & Virus Firewall Vx

The Barracuda Spam & Virus Firewall has been a mainstay and core product of Barracuda’s security portfolio since we founded our company. As the IDC Content Security volume leader, Barracuda Networks has invested heavily in expanding the capabilities of our flagship product. These include:

  • Data Loss Prevention capabilities that ensures no confidential information is leaked out of the organization.
  • Email Encryption where outbound email is encrypted by the Barracuda Message Center, a cloud-based portal that solves the problem of key exchange. Administrators can set policies at the organizations level and users can self-select email messages using an Outlook plug-in.
  • Cloud Protection Layer (CPL) that pre-filters spam before it comes into your network. The CPL also acts as a Business Continuity solution by providing email accessibility in the cloud even when your network is down.
Share

Tags: , , , , ,
Posted in Barracuda Spam Virus Firewall VX, Barracuda Web Filter | No Comments »

At Barracuda Networks, 2012 is the Year of the School

Friday, February 10th, 2012

by Sanjay Ramnath, Product Manager

K-12 schools, districts, and agencies simply can’t afford not to make sure that their networks, data, and users are totally secure—especially with vulnerable students accessing those networks every day. The dangers are too great to take any chances. And with mobile devices and social-media usage extending the threat landscape in new directions, yesterday’s solutions simply aren’t good enough.

That’s why 2012 will see Barracuda Networks reaching out to K-12 organizations in North America—including public and private schools, school districts, and county and state education agencies—to let them know that effective, affordable, easy-to-manage security solutions are out there, optimized just for them.

To learn more about how Barracuda solutions address the unique network security challenges facing K-12 organizations, please download this informative white paper, entitled  “Dynamic Content Security for K-12 Organizations.”

The Barracuda Advantage

“Dynamic Content Security” is the name for a more holistic, integrated approach to network security that delivers:

  • Improved network performance
  • Dramatic cost savings—both long- and short-term
  • Total content security that protects every user—including mobile and off-network users
  • Fine-grained controls to optimize capacity and access
  • Simple, centralized control panel to make network management a breeze (plus award-winning customer and technical support for when it’s not)
  • Comprehensive forensic reporting to optimize resources and budgets, identify bandwidth-hogging users and apps, demonstrate regulatory compliance, and manage civil or criminal liability
  • Multiple deployment options—including on-site appliances, virtual appliances, cloud-based services, or a combination—to ensure a solution that fits your needs, capabilities, and budget

Promotional Payment Terms for K-12 Customers

We understand the intense budget pressures affecting schools, districts, and agencies today. That’s why we created the K-12 Budget Alignment Program . This limited-time promotion allows qualified North American K-12 customers to postpone paying for their Barracuda security solutions until July 31, 2012—long enough to take advantage of new-fiscal-year budget allocations.

With the K-12 Budget Alignment Program 2012, security and compliance don’t have to wait; but paying for them can.

And there’s more, K-12 organizations may also qualify for a significant discount off the retail list price of selected Barracuda solutions. To learn more, contact Barracuda today at 1-888-ANTI-SPAM (1-888-268-4772).

Managing the Transformation in Education

K-12 education is changing, and technology is driving that change. The benefits of these changes are immense. But without a new approach to security, the threats they bring could easily overwhelm the advantages.

At Barracuda, we’re committed to helping K-12 organizations use Dynamic Content Security to manage that transformation safely, securely, simply, and affordably. With Barracuda solutions in place, schools can rest assured that their user community is protected; that network management will continue to be streamlined and simple; and that their IT costs will be kept as low as possible well into the future.

Share

Posted in Barracuda Backup Service, Barracuda Email Security Service, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda Message Archiver, Barracuda NG Firewall, Barracuda SSL VPN, Barracuda Spam & Virus Firewall, Barracuda Vx, Barracuda Web Application Firewall, Barracuda Web Filter, Barracuda Web Security Flex, Hybrid protection, Social Networking, Uncategorized | No Comments »

Web Security Strategy: Monitoring with the Barracuda Web Filter

Thursday, September 1st, 2011

Posted by:  Sanjay Ramnath, product manager

With the Internet becoming an integral part of the work place, a good web security strategy is as much about monitoring Internet usage as it is about regulating web access. IT and HR administrators benefit from detailed information about the Internet usage behavior of users in their network. This helps provide employees access to essential online resources while maintaining a safe and secure network environment. I think this is especially important in educational environments, where it is often necessary to resolve disputes or address concerns from parents or regulators. Accurate and comprehensive web browsing data helps make informed decisions in such sensitive situations.

The Barracuda Web Filter provides over 45 unique reports on all aspects of Internet usage. Popular reports include “Users by Time Spent”, “Users by Requests”, “Users by Bandwidth” and “Domains by Time Spent”. These provide administrators with a detailed view of Internet usage. Reports can be narrowed to a specific time period and filtered for specific users, groups, domains and content categories. They can be viewed ad-hoc, scheduled for automatic email delivery or archived to a network share. Barracuda Web Filter reports are interactive allowing the administrator to easily drill-down from overviews to granular forensic data. In addition to historical reports, the Barracuda Web Filter provides a network dashboard and web usage logs for real time network monitoring.

The powerful, purpose built reporting and logging capabilities of the Barracuda Web Filter offer a distinct advantage over Unified Threat Management (UTM) style devices that are mainly designed for processing traffic. Also, reporting is fully integrated into the appliance at no additional cost and without any additional hardware, software or external database management.

To find out more, go to www.barracuda.com/webfilter or talk to one of our product specialists at 1 408 342 5400.

Share

Posted in Barracuda Web Filter, Uncategorized | No Comments »

Protecting all your Web users with Barracuda Web Security Flex

Thursday, July 7th, 2011

Posted by:  Sanjay Ramnath, product manager

As product management head for our Web security products, I’m often asked why we invested in a cloud-based solution, Barracuda Web Security Flex, when we have a successful premises-based appliance offering, the Barracuda Web Filter.  It’s true that with remote filtering capabilities of the Barracuda Web Filter, you can protect users regardless of where they are, via the Barracuda Web Security Agent for Windows and Mac.  It’s also true that through the Barracuda Control Center, you can centrally administer policies from the cloud for multiple Barracuda Web Filter appliances in different locations.

What makes Barracuda Web Security Flex technology unique is cloud-based reporting.  It’s fast, easy and maintenance free for network administrators who prefer not to maintain on-premises databases of Web log data.

Reporting and policy management is centralized whether you direct proxy to our cloud, redirect traffic from desktop or laptop computers using the Barracuda Web Security Agent, or you deploy one of our gateway appliances.  The pricing is also independent of deployment method and you can change the deployment when you want.  That’s why we call it Flex.

I’m very excited about the traction we’ve been getting here.  Feel free to check out the Web pages I’ve set up at: www.barracuda.com/flex or contact one of our product specialists at +1 408 342 5400.

Share

Tags: , , , , ,
Posted in Barracuda Web Filter, Barracuda Web Security Flex, Uncategorized, Web Security | Comments Off

Why are Web site Attacks on the Rise?

Friday, June 24th, 2011

Posted by:  Steve Pao, VP of product management and Oliver Wai, product marketing manager

Recent high-profile Web security breaches have caused organizations in both the private and public sectors to take a deeper look into the security measures they have in place as well as to question why there is such a recent concentration of attacks.  We believe there are a few trends underlying the recent increase of attacks:

  • The first is the prevalence of hacking tools and “how-to-guides” that are now available online on how to launch attacks. Whereas attacks used to be perpetrated by sophisticated hackers, now almost anyone can launch attack using these resources and automated tools.  Just Google “how to hack [system]”, “hacking tools” and you will find a plethora of tools and tips on how to accomplish these objectives.
  • The second trend is economics. Traditional money making scams and threats like spam are increasingly ineffective as tools to protect against these threats have increased in use among organizations.  On the other hand, there is a thriving black market for stolen credit cards, emails, identities, zombie computers, etc. so data breaches are extremely profitable for hackers, and as a result, they are turning more attention to profitable endeavors like hacking Web sites.
  • The final trend is an increase in Web attacks for strategic purposes. Many of the most recent attacks like the ones on defense contractors, RSA/EMC, and Gmail are extremely sophisticated and seem to have a strategic purpose or sponsorship to them.

Unfortunately, many of these attacks are happening because the right security measures are not in place at many organizations.  This is not because there are not very effective solutions available, but instead there is a general lack of awareness and education about how these solutions can protect against such attacks.  In many cases, a breach itself serves as the defining lesson for why Web application security tools – such as a WAF (Web Application Firewall) should be in place.  In addition, the need for security layers within any organization’s infrastructure is also very important.

Overall, organizations need to know of the importance of having the right technology at each layer to protect their resources and the recent attacks can serve to reinforce this need:

  • Protect your email infrastructure with an email filtering solution or service
  • Secure your Web sites and Web applications with a WAF
  • Reinforce your network perimeter with a next generation firewall
  • Strengthen your network against malware, drive-by-downloads and other threats with a Web filtering device or service

Barracuda Networks offers solutions to help organizations reinforce their network infrastructures from these attacks.  For more information on our complete line of security offerings, please visit the Product section of our Web site.

Share

Tags: , , ,
Posted in Barracuda NG Firewall, Barracuda Spam & Virus Firewall, Barracuda Web Application Firewall, Barracuda Web Filter, Barracuda Web Security Flex, Uncategorized, Web Security | No Comments »

Now Available: Barracuda Web Filter 4.4 Firmware Release

Wednesday, April 20th, 2011

Posted by:  Sanjay Ramnath, product manager

We are pleased to announce the availability of Barracuda Web Filter firmware 4.4 to our customers.   Customers with current Energize Update subscriptions can now download update packages.  There are five key features included with this release:

  1. Enhanced application control – Firmware 4.4 provides advanced content inspection based application profiling technology that enables the Barracuda Web Filter to profile numerous hard-to-detect applications and proxies including Skype, Ultrasurf  and Torrents.  Application categories include IM, Tools, P2P, VPN, Media, Updates, Remote Desktop, Games, Popular Protocols, Circumventors and User Agents.  Administrators can now optimize bandwidth consumption by applying granular policies allowing only essential applications while blocking bandwidth-intense leisure applications.
  2. Remote filtering – The Barracuda Web Security Agent (WSA) can now be configured in “Policy Lookup” mode. In this mode, the WSA will lookup policies from the central Web Filter appliance without actually routing or redirecting traffic through it. This is very useful when an organization does not want to route all remote user traffic through their central gateway. The WSA will locally enforce policies configured on the central Web Filter appliances and if allowed, route Web traffic through the local gateway. Firmware 4.4 also provides support for the Mac version of WSA. WSA is supported on OS X 10.5 (Leopard) or later. This is a key feature especially for school districts that are implementing 1:1 initiatives with Apple laptops.
  3. VLAN deployment – The Barracuda Web Filter can now natively operate in VLAN environments. This is required especially when the Web Filter is required to participate in VLAN trunking. Now, the Barracuda Web Filter can hand VLANs and Virtual Interfaces both on the LAN side as well as in bridged mode. This enables plug-and-play deployment in complex VLAN environments.
  4. Improved reporting accuracy – We have made several enhancements to improve the accuracy of time calculations in reports. Embedded Web content challenges most Web filtering reports. For example, a site like cnn.com embeds requests to Facebook, twitter, and other social networks.  Let’s say a user visits cnn and spends 15 minutes on the site. While a user might not explicitly click on the links to Facebook, or others within the cnn.com site, the embedded content still makes periodic Web requests. On a report, this appears as if the user visited cnn, facebook and twitter and spent 15 minutes on each site. While this is accurate, it can misrepresent the user’s actions on reports that are reviewed by the Human Resources department for example. The Barracuda Web Filter is now intelligent enough to make the distinction between such embedded requests – also known as “referred requests” – and actual user visits and distinguish them accordingly in the reports. Therefore the reports more accurately reflect user actions.
  5. Regulating file upload/downloads – The Barracuda Web Filter can now regulate uploads and downloads to specific Web sites. For example, an administrator can create a policy to allow access to business-related Web sites but block any file uploads, downloads or both. This is under BLOCK/ACCEPT->Exceptions.

With WSA for Mac and enhanced applications support, this is a significant new release for the Barracuda Web Filter. Please visit the Barracuda Web Filter product page for more information.

Share

Posted in Barracuda Web Filter, firmware release | No Comments »

Extend Web Protection Beyond the Classroom with Barracuda Web Security Solutions

Wednesday, April 13th, 2011

Posted by:  Sanjay Ramnath, product manager

Just as mobile devices are becoming essential tools for business, there is another user population that is rapidly expanding its use of mobile technology –  kids. In fact, many schools are equipping students with laptops to streamline access and delivery of educational content.

As students rely on these machines as their primary resource for school and leisure activities, it is increasingly important for school districts and educational institutions to ensure that they secure these computers, both to ensure security as well as to regulate access to inappropriate Web content. This is especially crucial, and challenging when the machines are used from outside the school network. For example, a school might have a Web filtering policy in place to block students from accessing Adult Web content when they are browsing from within the school network but what happens when students browse the Web from home using school issued laptops?

Barracuda Networks provides a variety of solutions to help education customers and other organizations to extend powerful Web security beyond the network perimeter.

Barracuda Web Security Agent for Remote Filtering

Both the Barracuda Web Filter appliance and Barracuda Web Security Flex cloud-based Web filtering solution offer comprehensive coverage and filtering for off-network computers through the Barracuda Web Security Agent (WSA), a client software module that can be downloaded and installed on remote machines.

The WSA is supported both on Windows and Mac platforms. 

This is a key feature especially for school districts that are implementing 1:1 laptop initiatives with Apple laptops.  With the Barracuda WSA installed, Web traffic from student laptops will be transparently filtered through a Barracuda Web Filter appliance or cloud filtering service to ensure that Web browsing policies applied to users within the network are also enforced to off-network users. The Barracuda WSA can be centrally configured, managed and deployed and is tamper-proof once installed on client computers. This enables organizations to implement a consistent, transparent Web security policy across localized and distributed users without the need to invest in or manage additional solutions.

What’s more, Barracuda WSA can be deployed at absolutely no additional charge with the purchase of the Barracuda Web Filter or Barracuda Web Security Flex solutions. 

 “Think Cloud” Campaign for Schools

Recognizing that schools often operate on tight budgets and with limited resources and staff – especially for IT – Barracuda Networks recently launched a “Think Cloud” campaign for education customers.  As part of this initiative Barracuda Networks is offering a 30 percent discount on Barracuda Web Security Flex and a 20 percent discount on Barracuda Web Filter.

Interested customers can find more information, including the terms of the program can be found on the “Think Cloud” overview page on the Barracuda Networks Web site.

With the WSA combined with the Barracuda Web Filter appliance or Barracuda Web Security Flex, Barracuda Networks leads the way in providing solutions that enable comprehensive and uniform Web security at an affordable price. For a free 30-day evaluation, contact Barracuda Networks by email at sales@barracuda.com.

Share

Posted in Barracuda Web Filter, Web Security | No Comments »

How to Prevent Clickjacking Attacks

Wednesday, June 16th, 2010

Posted by:  Oliver Wai, product marketing manager

This is part two of a two-part post on how Web site clickjacking attacks work, and how to prevent them.

Unlike other common Web vulnerabilities, clickjacking is not a consequence of a bug in a Web application.  Instead, clickjacking exploits the way browsers use HTML/CSS/JavaScript to render pages. It affects all of the major browser platforms including Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari.

Why does this Matter?

While the Facebook attack shown in our previous blog entry is more of a nuisance, it still illustrates the potential danger of clickjacking within the context of social networks. This attack demonstrates how a smart attacker can use social channels to spread malware by spoofing trusted users within the social group. More importantly, attacks of this sort can quickly morph into more serious attacks when combined with more sophisticated techniques such as a Cross-Site Request Forgery (CSRF) attack  or password stealing Trojans. Imagine if an attacker injects a clickjacking script onto a legitimate Web site that tricks the user into submitting a forged request. Because the action is generated by the victim during a valid session, it is extremely difficult for the application to detect that the request was spoofed.

Clickjacking Prevention Must Start at the Client Browser

The key solution to preventing clickjacking is to improve Web browser functionality to detect and defend against hidden iFrames and malicious JavaScript. The main browser platforms have already begun to add clickjacking prevention:

  • Mozilla Firefox has a NoScript Add-On that helps prevent scripting from untrusted domains
  • Microsoft IE, Apple Safari, and Google Chrome have implemented a HTTP header, X-FRAME-OPTIONS check to allow the host application to specify if they allow Framing.

While these provide a step in the right direction, it will take some time before this solves clickjacking problems due slow adoption and/or patching by developers and the general public.

Server-Side Solutions that Can Limit the Risk of Clickjacking

Until all browsers fix clickjacking vulnerabilities, organizations need to focus on prevention and mitigation. Some steps can be done to prevent clickjacking:

1. Install a Spam & Virus Firewall

Clickjacking starts by tricking users into visiting compromised sites. One major vector of attack is through spam or spoofed emails. Blocking spam is key to stopping clickjacking at the source.

2. Filter Web Traffic and Block Malicious Sites

Web Filters can block users from accessing dangerous sites that may contain clickjacking techniques.

3. Protect your Web Applications from Clickjacking Scripts

Web Application Firewalls can scrub all content for malicious scripts and deny attackers from injecting clickjacking scripts onto your Web site.

4. Protect your Web Application Forms

Web Application Firewalls can inject Nonce (tokens) into HTTP forms to limit exposure from unsolicited form updates launched by clickjacking attempts. Application Firewalls can also validate form parameter inputs to prevent malicious input from being sent to the Web Servers.

5. Periodically Log-out Users

Web applications that keep users logged in (like Facebook) are vulnerable to forged requests launched by clickjacking. Users should be periodically logged out to limit chances for exposure.

Outlook

Clickjacking is a challenging client-side vulnerability that needs to be solved by the Web Browser platforms. The major Web platform vendors are already working on clickjacking solutions and organization must ensure that their users are installing the latest patches as they are released. Finally organizations can limit the scope of damage and windows of opportunity for clickjacking to take place by applying preventative countermeasures through the use of Web Application Firewalls, Spam & Virus Firewalls, and/or Web Filters.

Share

Posted in Barracuda Spam & Virus Firewall, Barracuda Web Application Firewall, Barracuda Web Filter | No Comments »

Anatomy of a Clickjacking Attack

Monday, June 14th, 2010

Posted by:  Oliver Wai, product marketing manager

This is part one of a two-part post on how Web site clickjacking attacks work, and how to prevent them.

The success of Facebook clickjacking is due in large part to the social nature of the Web site. Users of Facebook are MUCH more likely to click on a particular link if (s)he believes that the link was posted by a friend. Unfortunately, attackers also understand this dynamic and as a result, they are using Facebook as a new vector to deliver attacks.

What is Clickjacking?

Clickjacking (aka user interface (UI) redressing)  is an attack where an attacker has injected malicious content onto compromised page (Web site A) to trick the user into clicking on a link or button from another domain (Web site B). Typically the attack is set up by the creation of an invisible or disguised iFrame on Web site A that points to a UI button on Web site B. The button could be used to launch a forged cross site request, to download malware, or for any other malicious activity.

How does this Apply to Facebook?

In the recent Facebook Clickjacking attacks, an attacker sets off a variant of a Facebook worm that sends users to a clickjacked Web page that exploits Facebook’s “Like” infrastructure. This is accomplished through a series of well-designed steps:

1. Find the Victims.

The attacker likely created a spam email, banner ad or some other type of bait to trick people into clicking the malware. The bait could be a spoofed link to pornography, free products, celebrity gossip, or any other enticements. For our example, let’s assume the bait is an email with a link that says “Check this New Video of a Dancing Bear!”

2. Clickjack the Victims’ Facebook Accounts.

Once the victim clicks on the malware link, the bait will take the user to an intermediary page displaying a warning that asks the user to “Click to continue” or “Verify that you are least 18 years old” to view.  This is where the clickjacking occurs. On this page there is an invisible iFrame that uses JavaScript to silently follow the user’s mouse icon. No matter where the user clicks on the page, the victim will end up clicking on the hidden iFrame that launches a clickjacking attack on the user’s Facebook page.

3. Spread to the Victims’ Social Networks.

Because most users are permanently logged into Facebook, if the user clicks anywhere on the clickjacked page, a link is published on the Victim’s Profile with the same link used to lure the original victim of the attack:

“Check this New Video of a Dancing Bear!”

 

 

This appears on all of the user’s contacts’ Facebook News Feed. If any of the victim’s friends on Facebook clicks the link, they are also sent to the clickjacked page. If the new victim clicks anywhere on the page, a “Like” link would be added to their Facebook profile, starting the cycle again.

Check out part two of this post on how to prevent a clickjacking attack.

Share

Posted in Barracuda Spam & Virus Firewall, Barracuda Web Application Firewall, Barracuda Web Filter, Uncategorized | No Comments »

Web Filtering for Schools: Finding the Right Balance

Monday, April 5th, 2010

Posted by:  Sanjay Ramnath, product manager

With a combination of powerful features, ease-of-use and affordability, the Barracuda Web Filter and Barracuda Purewire Web Security Service are ideal solutions for educational institutions to secure their networks and provide a safe and productive Web access environment.   There are a number of key considerations that school administrators and IT staff must take into account when determining how the Web can be effectively used as a tool in schools – at all levels –  for research, learning, creativity and many other positive outlets while ensuring policy enforcement and protection against harmful content.  These challenges can include:

  • Malware: This threat vector is even more relevant in the context of a user base, for example students tend to have unpredictable browsing habits. In fact, Barracuda Networks’ studies indicate that students are more likely to visit compromised Web sites than any other group of users.
  • Criminal Activity:  Children can inadvertently identify themselves to malicious or criminal users through chat rooms, instant messaging (IM), social networking sites or other avenues, thereby making them vulnerable to cyber-bullying or online stalking tactics. This form of cybercrime is a very unpleasant reality today and is a major concern for parents and administrators.
  • Anonymous Proxies: As students become more technically savvy, they inevitably seek ways to circumvent restrictions to online content. Anonymous proxies aid this by providing Web sites or applications that are designed to avoid Web filtering policies by obfuscating user identity. Widespread use of these applications will expose an educational institution to all the risks inherent to an unfiltered, unmanaged IT infrastructure.
  • And more…    

A new whitepaper available from Barracuda Networks, “Providing Safe Web Access in Educational Institutions”, takes a deeper look at each of these considerations and can help educational institutions to navigate the requirements of providing access to the best available educational resources while ensuring Internet safety.

Share

Posted in Barracuda Web Filter, Barracuda Web Security Flex | No Comments »