Q: What does the Barracuda Web App Firewall do? A: The Barracuda Web App Firewall protects your Web site from attackers leveraging protocol or application vulnerabilities to instigate unauthorized access, data theft, denial of service (DoS), or defacement of your Web site. The Barracuda Web App Firewall provides complete protection of Web applications and is designed to enforce policies for both internal and external data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS). At the same time, the Barracuda Web App Firewall features a number of traffic management capabilities designed to improve the performance, scalability and manageability of today’s most demanding data center infrastructures. Q: Why do I need a Web App Firewall? A: Businesses of all sizes that operate their own Web applications should deploy a powerful Web App Firewall to protect their Web sites from application vulnerabilities. Traditionally, security has been considered a network issue, where system administrators lock down host computers through a network firewall. While a typical network firewall can help restrict traffic to HTTP and HTTPS, this traffic can contain command exploits leveraging vulnerabilities in the Web application itself. Without the Barracuda Web App Firewall acting as an application firewall, a hacker’s attack can result in unauthorized access, data leakage, site defacement and/or other attacks that compromise both the privacy and integrity of vital data. Q: What are the major capabilities and benefits of the Barracuda Web App Firewall? A: The major capabilities and benefits of the Barracuda Web App Firewall include: Comprehensive Web Site Protection: The Barracuda Web App Firewall proxies all Web traffic, providing complete protection in front of your Web sites. Web site protection capabilities include: HTTP protocol compliance, protection against common/high-visibility attacks, protection against attacks based on session state, online form field validation, outbound data theft protection, Web site cloaking, anti-Web crawling and application denial of service (DoS) protection, as well as fine-grain controls. Application Access Control: The Barracuda Web App Firewall provides PKI support to provide certificate verification and prevents cookie tampering to ensure hidden or read-only form fields are not changed by the user. Application Delivery and Acceleration: In addition to the security and access control benefits of Barracuda Web App Firewall, there are also additional operational capabilities. Capabilities include SSL offloading, SSL acceleration, load balancing and high availability. Logging, Monitoring and Reporting: The Barracuda Web App Firewall features advanced capabilities to provide immediate feedback to operations teams that deploy, manage and secure mission critical applications. Besides a system log, Web firewall log, traditional Web log and audit log, the Barracuda Web App Firewall also provides specific reports relevant to PCI compliance. Q: How do Barracuda Web App Firewall Detect and Mitigate Threats? A: The Barracuda Web App Firewall provide award-winning protection from all common attacks on Web applications, including SQL injections, cross-site scripting attacks, session tampering and buffer overflows. As a full proxy, the Barracuda Web App Firewall provides comprehensive inbound and outbound protection. By inspecting request traffic, the Barracuda Web App Firewall can block inbound attacks and cloak Web sites from hackers, while response traffic inspection prevents sensitive data leakage, such as credit card or Social Security numbers. In addition, the Barracuda Web App Firewall secures applications from unauthorized user access a full PKI integration for use with client certificates. Q: Can the Barracuda Web App Firewall help my company comply with the Payment Card Industry Data Security Standard (PCI DSS)? A: Yes, the Barracuda Web App Firewall assists organizations that store, process and/or transmit credit card numbers to comply with the Payment Card Industry - Data Security Standard (PCI DSS) requirements. As major credit card companies are increasing pressure on merchants to comply with the PCI DSS, many e-commerce businesses are seeking solutions to meet requirement 6.6 of PCI DSS calling for either detailed custom application code reviews or installation of a Web Application Firewall by June 30, 2008. Failure to comply with these security standards may result in fines, restrictions or permanent expulsion from card acceptance programs. Through multiple advanced features, the Barracuda Web App Firewall can help organizations easily become PCI DSS compliant. Click here for additional information. Q: What logging, monitoring and reporting features are available with the Barracuda Web App Firewall? A: Logging monitoring and reporting capabilities of Barracuda Web App Firewall include: Comprehensive logging. The Barracuda Web App Firewall maintains a rich set of logs on the appliance, including system activity, Web Firewall activity, Web services activity, network firewall activity and traditional Web logs. PCI reports. The Barracuda Web App Firewall provides a quick snapshot of application attacks defined in the PCI DSS Section 6.5, including unvalidated input, broken access control, cross-site scripting and so on. Syslog support. The Barracuda Web App Firewall forwards logs to a syslog server for centralized and persistent storage or analysis by a third party tool. Q: Will the Barracuda Web App Firewall fit into my existing network environment? A:Yes, the Barracuda Web App Firewall is designed to easily fit into any existing data center environment and to rapidly secure and accelerate new and existing Web applications. Barracuda Networks offers the most flexible array of Barracuda Web App Firewall deployment options, including both Bridge-path and Route-path. Q: How do I know which Barracuda Web App Firewall model is best suited to my needs? A: A regional Barracuda Networks sales representative can evaluate your network environment and Web usage needs to help determine which model(s) is the best fit for your company. Q: What if I have more questions about the Barracuda Web App Firewall? A: For additional assistance or for a product demonstration of the Barracuda Web App Firewall, please contact us at +1-877-444-3335.