It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Glossary

accelerator

A hardware addition to an existing computing device that increases the computer's processing speed and capabilities.

access control list
  • Also known as: ACL

Constrains the flow of traffic by individual IP address or by a range of IP addresses.

Access Control service

Service on the Barracuda CloudGen Firewall that defines security policies for network users and enables the firewall to perform identity and health checks on clients.

access key

The combination of an access key ID (like AKIAIOSFODNN7EXAMPLE) and a secret access key (like JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign API requests that you make to AWS.

access key ID

A unique identifier that's associated with a secret access key, the access key ID and secret access key are used together to sign programmatic AWS requests cryptographically.

Access Monitor

Component of the Barracuda Network Access Client. Monitoring software, responsible for sending the endpoint health status to the Access Control Service for baselining.

access rule

Forwarding rule that determines how clients on a source network access resources on a destination network.

ActiveSync

Enables you to configure Microsoft Exchange accounts on a mobile device.

adaptive profiling

Technique of analyzing request and response traffic to generate customized security profiles for the web application. See also exception profiling. 

add-in

Software utility that can be used in conjunction with a device or service; for example, Barracuda Outlook Add-In.

add-on

A piece of software that enhances another software application and usually cannot be run independently.

Advanced Persistent Threat
  • Also known as: APT

Malicious cyber attacks directed at a specific target, usually over a long period of time. APTs are often run by professional organizations, looking to steal information rather than just money.

Advanced Threat Protection
  • Also known as: ATD, ATP, Advanced Threat Detection, BATP, Barracuda Advanced Threat Protection

Service that analyzes inbound email attachments with most MIME types in a separate, secured cloud environment, detecting new threats and determining whether to block such messages. Formerly known as Advanced Threat Detection, or ATD.

AES 256-bit
  • Also known as: Advanced Encryption Standard

A specification for the encryption of electronic data. 256-bit refers to the key length and is the maximum value.

allow list
  • Also known as: whitelist, white list

List of domains, users, or hosts that are allowed access, especially referring to mail and web traffic.

Amazon Elasticsearch Service
  • Also known as: Amazon ES

AWS-managed service for deploying, operating, and scaling Elasticsearch in the AWS Cloud.

Amazon Web Services
  • Also known as: AWS

Amazon's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.

AMI
  • Also known as: Amazon Machine Image

AWS template that contains configuration, application server, and applications required to launch an EC2 AWS Instance.

Android

Mobile device operating system. Compare to Apple iOS.

anti-evasion

Protection against network attacks that combine several different known evasion methods to create a new technique that is delivered over several layers of the network simultaneously. 

anti-malware
  • Also known as: malware protection

Protection against malicious software, used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

anti-obfuscation

Protection against attacks that involve obfuscated code. Obfuscation may involve encrypting code, stripping out potentially revealing metadata, renaming useful class and variable names, or adding meaningless code to an application binary. 

antivirus

Antivirus software, abbreviated: AV. Used to prevent, detect and remove malicious software.

API
  • Also known as: Application Programming Interface

 A set of tools and procedures provided by the programmer of an application so that other programmers can control, exchange data with, or extend the functionality of an application.

APN
  • Also known as: Access Point Name

Access Point Name provided by an ISP for wireless WAN connections.

App Redirect access rule

Access rule that rewrites the destination IP address and forwards the traffic to a service running on a local IP address of the Barracuda CloudGen Firewall.

Apple iOS

Apple mobile operating system for devices such as iPhone and iPad. Compare to Android.

appliance

Device or piece of equipment.

Application Control

Enables you to control application traffic, including sub-applications, such as chat function and picture uploading.

application layer

Layer 7 of the OSI reference model. This layer provides services to application processes (such as electronic mail, file transfer, and terminal emulation) that are outside of the OSI model.

Application Load Balancer

AWS feature that makes routing decisions at the application layer (HTTP/S), supports path-based routing, and can route requests to one or more ports on each EC2 instance or container instance in a VPC.

application object

Firewall object that references lists of applications. Can be applied to an application rule on the Barracuda CloudGen Firewall.

application rule

Firewall rule that allows you to block or throttle traffic for detected applications.

application-aware

Considering and inspecting application traffic. The Barracuda NextGen Firewall is an application-aware network firewall.

application-based provider/application-based link selection

When configured, the Barracuda CloudGen Firewall routes traffic through the provider link that is defined in the connection object.

ARP
  • Also known as: Address Resolution Protocol

Protocol for mapping IP addresses to physical addresses such as Ethernet or Token Ring.

ARP spoofing
  • Also known as: ARP trashing, spoofing

Type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.

ASCII

Referring to a standard 7-bit character system that includes the alphanumeric characters and printer control codes.

ATM

A broadband transmission system using 53-octet packets over a cell-switched network at speeds up to 2.2 GBPS.

Audit Log service

Service on the Barracuda CloudGen Firewall that is used for central audit log file collection.

Authentication Client

Application used to automate Offline Firewall Authentication on the Barracuda CloudGen Firewall.

authoritative DNS

Name server that gives answers in response to queries about names in a DNS zone.

authority zone

Associated with DNS. A section of the domain-name tree for which one name server is the authority.

Auto Scaling
  • Also known as: Auto Scale

A web service designed to launch or terminate AWS instances automatically based on user-defined policies, schedules, and health checks.

Auto Scaling Group

A representation of multiple EC2 instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.

autonomous system
  • Also known as: AS

Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the IANA. 

Availability Zone
  • Also known as: AZ

A distinct location within an AWS region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.

Avira

Virus scanning engine used by the Barracuda CloudGen Firewall. Avira is integrated in the Virus Scanner service.

AWS Certificate Manager
  • Also known as: ACM, Amazon Web Services

A web service for provisioning, managing, and deploying Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services.

AWS Direct Connect
  • Also known as: Amazon Web Services

Enables you to use the Internet privately through AWS cloud services by linking your internal network to an AWS Direct Connect location. You can create virtual interfaces directly to the AWS cloud and to Amazon VPC, bypassing Internet service providers in your network path.

AWS IoT
  • Also known as: Amazon Web Services Internet of Things

A managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.

AWS region

A named set of AWS resources in the same geographical area. A region comprises at least two Availability Zones.

AWS Route Table
  • Also known as: Amazon Web Services

Routing table used in AWS subnets, that can be modified, for example, to use an Internet gateway as the target for the default route.

AWS Management Console

A simple and intuitive web-based user interface to access and manage AWS.

Azure

Microsoft's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.

Azure PowerShell

A set of modules that provide cmdlets to manage Azure with Windows PowerShell. 

Azure Resource Manager
  • Also known as: ARM

Azure deployment mode that enables you to work with the resources in your solution as a group. Recommended for new deployments.

Azure Route Table
  • Also known as: UDR, User Defined Routing, user-defined routing

Allows you to create network routes for traffic between subnets and to the Internet.

Azure Security Center

Feature that helps to prevent, detect, and respond to threats with increased visibility of Azure resources, and provides security monitoring and policy management.

Azure Service Manager
  • Also known as: ASM

Classic deployment mode used in legacy Azure deployments. ASM offers a web interface and PowerShell for deployments. 

Azure Storage Resource Group

Microsoft Azure resource group that may contain storage accounts for OS disks, source images, and all other data an application requires. 

back-end server

Part of the back-end process, that usually consists of server, application, and database. The back end is where the technical processes happen, as opposed to the front end, which is usually where the user's interaction occurs.

backbone

Referring to the Internet, a central network that provides a pathway for other networks to communicate.

Balance-XOR

Operating mode for Ethernet bundles where the link is chosen by calculating the hash out of the source/destination MAC (Layer 2) combined with the IP addresses (Level 3).

bandwidth

Rate of data transfer, usually expressed in multiples of bits per second (bps).

Barracuda Backup-as-a-Service
  • Also known as: BaaS

Versions of Barracuda Backup can be purchased as an annual service that includes an appliance, Energize Updates, Instant Replacement, and Unlimited Cloud storage.

Barracuda Campus

Online documentation and training material for all Barracuda Networks products, located at campus.barracuda.com. Contains feature descriptions, how-to articles, and release notes. Formerly known as Barracuda University and Barracuda TechLibrary.

Barracuda Central

Provides a wide range of statistics, threat information, and a number of useful services to help manage and secure your network. Shares information with Barracuda Networks customers and the Internet security community. 

Barracuda cloud

A complementary component of all Barracuda Networks products, providing an added layer of protection and scalability.

Barracuda Cloud Control
  • Also known as: BCC

A comprehensive cloud-based service that enables administrators to monitor and configure multiple Barracuda Networks products from a single console.

Barracuda CloudGen Firewall

Enterprise-grade, cloud-generation firewall, purpose-built for efficient deployment and operation within dispersed, highly dynamic, and security-critical network environments.The product was formerly known as Barracuda NextGen Firewall or Barracuda NG Firewall and in Q1 2018 got renamed to CloudGen Firewall to emphasize its abilities to protect cloud and dispersed networks.

Barracuda CloudGen Firewall FSC-Series

Enables Internet of Things (IoT) devices and micro-networks to connect to the corporate datacenter via Secure Access Concentrators (FSACs).

Barracuda Earth

Barracuda CloudGen Firewall feature that provides a visual representation of the status of VPN site-to-site tunnels around the world. Information is retrieved from the Control Center.

Barracuda Firewall Admin

Application used to administer Barracuda CloudGen Firewalls and Barracuda Firewall Control Centers. 

Barracuda Firewall Control Center

Central administration appliance designed to manage a large number of Barracuda CloudGen Firewalls. 

Barracuda Message Center 

An encrypted email message service for the Barracuda Email Security Gateway and the Barracuda Email Security Service.

Barracuda Network Access Client

The Barracuda Network Access Client integrates with the Access Control Service of the Barracuda CloudGen Firewall and lets you configure access policies and rules depending on various criteria such as identity and client health state.

Barracuda Networks account

Credentialed account used to log into Barracuda Services and Barracuda Appliance Control.

Barracuda Networks Technical Support

Contact Barracuda Networks Technical Support if you need help with your Barracuda Networks product. Visit https://www.barracuda.com/support/index for details.

Barracuda NextGen Firewall X-Series

Application-aware network firewall appliance, designed for organizations without dedicated IT personnel to manage firewalls.

Barracuda NG Web Security Gateway (IBM ISS)

Web Security Gateway engine used by the URL Filter service on the Barracuda NextGen Firewall F-Series. The Barracuda NG Web Security Filter can only be used in combination with the HTTP proxy and is not compatible with Application Control. Requires a Barracuda NG Web Security Gateway subscription.

Barracuda portal

Entry point into Barracuda cloud services.

Barracuda Reputation

A database maintained by Barracuda Central and includes a list of IP addresses of known, good senders as well as known spammers, or IP addresses with a poor reputation.

Barracuda Reputation Block List
  • Also known as: BRBL

Database of IP addresses manually verified to be noted sources of spam.

Barracuda SSL VPN
  • Also known as: Secure Sockets Layer Virtual Private Network

Allows remote users to establish VPN connections via a web browser. With its mobile and desktop portals, the Barracuda SSL VPN provides seamless service without having to install and configure a fully blown VPN client. SSL VPN is also available on the Barracuda Firewall and NG Firewall.

Barracuda VPN Client

Component of the Barracuda Network Access Client, available for Windows, Linux and macOS. VPN client that secures mobile desktops connecting to the corporate LAN through the Internet.

Barracuda Web Security Agent
  • Also known as: WSA

A tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces.

Bayesian analysis

A statistical procedure that estimates parameters of an underlying distribution based on the observed distribution.

BGP neighbors
  • Also known as: Border Gateway Protocol

BGP peers that are established by manual configuration between routers to create a TCP session on port 179. 

big-endian

Method of storing or transmitting data in which the most significant bit or byte is presented first. Compare with little-endian.

BIND
  • Also known as: Berkeley Internet Name Domain

The standard TCP/IP naming service that links network names with IP addresses.

block device

Storage device that moves data in sequences of bytes or bits (blocks). Example: hard disk, CD-ROM drive, flash drive.

block device mapping

Defines the block devices (instance store volumes and EBS volumes) to attach to an AWS instance. 

blocklist
  • Also known as: blacklist, block list, black list

List of domains, users, or hosts that are denied access, especially refers to mail and web traffic. Sometimes known as blacklist. Compare to allow list or whitelist.

Blowfish

Licence-free symmetric encryption algorithm that can be used as a replacement for the DES and IDEA algorithms.

Boolean search

Allows searchers to combine words and phrases using the words AND, OR, NOT (known as Boolean operators) to limit, broaden, or define a search.

bootloader
  • Also known as: boot loader

Loader for the operating system. A program that runs after completion of the self tests in the hard boot process, then loads and runs the software.

border gateway
  • Also known as: BGP

Router that communicates with routers in other autonomous systems.

Border Gateway Protocol
  • Also known as: BGP

A standardized dynamic routing protocol designed to exchange routing and reachability information between autonomous systems on the Internet.

Border Gateway Protocol Fast Reroute
  • Also known as: BGP FRR

When a BGP link fails, the CloudGen firewall can fast re-route traffic to the intended router via another linked next-hop router.

botnet

A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, for example, to send spam messages. The word botnet is a combination of the words “robot” and “network”.

box layer

An operating level of the Barracuda CloudGen Firewall. Services run on the box layer.

box level

A configurable operating instance of the Barracuda NextGen Control Center.

bridging

The action taken by network equipment to create an aggregate network from either two or more communication networks, or two or more network segments. Bridging is distinct from routing, which allows multiple different networks to communicate independently while remaining separate.

brute-force protection
  • Also known as: brute force protection

Protection against a brute-force attack, which consists of systematically checking all possible keys or passwords until the correct one is found. This type of attack uses a large number of attempts to gain access to a system.

BYOD
  • Also known as: Bring Your Own Device

The practice of allowing employees or members of an organization to use their own computers, phones, or other devices for work.

byte-level data deduplication

Data deduplication method that analyzes data streams at the byte level by performing a byte-by-byte comparison of new data streams versus previously stored ones.

Caching DNS service

Forwarding DNS service (BDNS) on the Barracuda CloudGen Firewall that acts as a DNS proxy to speed up DNS queries.

CAST

Licence-free symmetric encryption algorithm (key block cipher).

CC Access Control service

Box-level service on the Barracuda Firewall Control Center that specifies the number of days to delete access cache entries generated by activities traversing the Access Control Server.

CC Configuration service

Box-level service on the Barracuda CloudGen Control Center that allows remote configuration of both the Control Center and managed Barracuda CloudGen Firewalls.

CC DNS

Box-level service of the Barracuda NextGen Control Center that specifies DNS zones such as hosts, domains, and mail-exchangers.

CC Event service

Box-level service on the Barracuda Firewall Control Center that processes events generated by the managed CloudGen Firewalls.

CC Firewall

Box-level service on the Barracuda Firewall Control Center. The CC Firewall service has the same features as the firewall service on a CloudGen Firewall, except for Virus Scanning, URL Filtering, and ATD.

CC FW Audit Log service

Box-level service on the Barracuda Firewall Control Center that receives structured firewall data from managed CloudGen Firewalls and stores the firewall audit information in a relational database installed on the Control Center. 

CC PKI service
  • Also known as: Public Key Infrastructure

Box-level service on the Barracuda NextGen Control Center that is used for handling certificates.

CC Statistics Collector (dstatm)

Box-level service on the Barracuda CloudGen Control Center that collects raw data from the managed CloudGen Firewalls and processes it according to specified transfer settings.

CC Statistics Viewer (qstatm)

Box-level service on the Barracuda Firewall Control Center that collects raw data from the managed CloudGen Firewalls and processes it according to specified transfer settings.

CC syslog proxy

Box-level service of the Barracuda NextGen Control Center, used for syslog streaming.

CC Syslog service

Box-level service of the Barracuda NextGen Control Center that listens for and processes incoming log messages from managed boxes.

CC VPN service

Box-level service on the Barracuda NextGen Control Center that is responsible for tunnel termination and tunnel handling.

CC Firewall Audit Info Viewer 

Displays firewall data on the FWAUDIT tab of the Barracuda NextGen Control Center.

central management
  • Also known as: centralized management

Allows administrators to configure multiple units from a centralized location. For example, configuring multiple Barracuda CloudGen Firewall units from the Barracuda Firewall Control Center.

certificate

A document or seal certifying the authenticity of something. A digital certificate certifies the ownership of a public key. This allows relying parties to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.

certification authority
  • Also known as: certificate authority, CA

In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates.

changelog

Log of configuration changes on the appliance. Can be found in the release notes of the product.

checksum

The result of a mathematical operation that uses the binary representation of a group of data as its basis, usually to check the integrity of the data.

CIDR
  • Also known as: classless interdomain routing

Technique supported by BGP4 and based on route aggregation. CIDR allows routers to group routes together in order to cut down on the quantity of routing information carried by the core routers. 

CIFS
  • Also known as: Common Internet File System

Standard for sharing files across the Internet.

CIPA
  • Also known as: Children's Internet Protection Act

Enacted by US Congress in 2000 to address concerns about children's access to obscene or harmful content over the Internet.

ClamAV

Virus scanning engine that is used by the Barracuda CloudGen Firewall F-Series. ClamAV is integrated in the Virus Scanner service.

Class A|B|C|D network

Classes of IP addresses as defined in the Internet Protocol hierarchy.

classic load balancer

In AWS, a Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS), and supports either EC2-Classic or a VPC (virtual private cloud).

Client-to-Site VPN

Enables an encrypted connection to an organization'’s network from any desktop or mobile device. Contrast with site-to-site VPN.

cloaking

A search engine optimization (SEO) technique in which the content presented to the search engine spider is different from that presented to the user’'s browser.

cloud integration

AWS cloud integration allows the firewall to connect directly to the AWS service fabric to rewrite routes in AWS route tables and to retrieve information for the cloud element on the dashboard. Cloud integration also works with Azure.

cloud operating system

A computer operating system that is specially designed to run in a provider's datacenter and be delivered to the user over the Internet or another network. Windows Azure is an example of a cloud operating system or 'cloud layer' that runs on Windows Server 2008.

cloud portability

The ability to move applications and data from one cloud provider to another. This is the opposite of "vendor lock-in".

cloud storage

A model of data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company.

cloud-based encryption

A service offered by cloud storage providers whereby data is transformed using encryption algorithms and is then placed on a storage cloud.

Cloud-Generation Firewall
  • Also known as: NextGen Firewall, NG Firewall

Integrated network platform that combines a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed.

CloudFormation

AWS management tool that lets you create, manage, and update a collection of AWS resources using templates and allowing Json code for template deployment.

CloudFormation Stacks
  • Also known as: Amazon Web Services

Host uploaded content and can be deployed in CloudFormation, an AWS feature.

CloudFront

An AWS content delivery service that helps you improve the performance, reliability, and availability of your websites and applications.

cloudsourcing

Replacing traditional IT operations with lower-cost, outsourced cloud services.

CloudWatch

AWS management tool to monitor resources and applications. Aggregates data and metrics (cpu load, network throughput, disk io, etc), filters it, and provides alarm actions.

cluster-specific

Global settings that apply to a cluster on a Barracuda NextGen Control Center.

collision domain

In Ethernet, the network area within which frames that have collided are propagated. Repeaters and hubs propagate collisions. LAN switches, bridges and routers do not.

community string

Text string that acts as a password and is used to authenticate messages sent between a management station and a router containing an SNMP agent. The community string is sent in every packet between the manager and the agent.

compliance, regulatory

Regulatory compliance describes the steps organizations must take to comply with relevant laws and regulations.

compression, bandwidth
  • Also known as: bandwidth compression

A reduction in either the time to transmit or in the amount of bandwidth required to transmit data.

compression, data
  • Also known as: data compression

The process of encoding digital information by using fewer bits.

compression, HTTP
  • Also known as: HTTP compression

Capability in web servers and web clients to improve transfer speed and bandwidth utilization.

concentrator

A synonym for a multi-port repeater that may also perform bridging and routing functions.

confirmation page

Feature of the Barracuda NextGen Firewall, allows you to control access to the Internet or other networks by only allowing authenticated users. 

congestion

Traffic in excess of network capacity.

connection draining
  • Also known as: Amazon Web Services

AWS feature, lets you scale down EC2 instances to reduce sessions.

connection object

A firewall object that can be applied to an access rule on the Barracuda CloudGen Firewall. A connection object defines the egress interface and source (NAT) IP address for traffic matching the rule.

content stripping
  • Also known as: strip

Configuring your mail gateway to remove certain types of content, like attachments and HTML tags, from email, before sending it to the recipient.

CPU emulation

Masks the virtualization environment, so payload can be detonated more effectively.

cronjob

Configurable schedule for specific commands to be executed once or on a regular basis.

cross region replication

Feature of S3 storage class in AWS. Once enabled, every object uploaded to a particular S3 bucket is automatically replicated to a designated destination bucket located in a different AWS region.

CudaLaunch

Barracuda remote access client for mobile and desktop devices that provides VPN access and allows administrators to manage dynamic firewall rules.