It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Glossary

dashboard

Main page of many Barracuda Networks product interfaces, providing a summary of the system. Formerly known as the Status tab.

data center

A facility used to house computer systems and associated components, such as telecommunications and storage systems.

Data Theft Protection
  • Also known as: DLP, Data Leak Prevention, Data Loss Prevention

Data Theft means the illegal copy of personal information of other individuals or business. The information may be social security number, passwords, credit card information, other personal information, and/or other confidential corporate information. Barracuda WAF helps prevent unintended exposure of such data by matching response body information with pre-defined data theft patterns.

data truncation
  • Also known as: truncate

Occurs when data or a data stream is stored in a location too short to hold its entire length. May occur automatically, such as when a long string is written to a smaller buffer, or deliberately, when only a portion of the data is wanted.

datasheet

Document that summarizes the performance and other technical characteristics of a product, machine, component (e.g., an electronic component), material, a subsystem (e.g., a power supply) or software in sufficient detail to be used by a design engineer to integrate the component into a system.

DC Agent

When configured with Microsoft Active Directory (MSAD) authentication, the Barracuda DC Agent (Domain Controller Agent) allows transparent authentication monitoring with the Barracuda Networks products and Microsoft domain controllers.

DCE-RPC
  • Also known as: Distributed Computing Environment Remote Procedure Call

Remote procedure call system that allows programmers to write distributed software without having to worry about the underlying network code.

DDoS
  • Also known as: Distributed Denial of Service

A Distributed Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet, using more than one, often thousands of, unique IP addresses.

dedicated host

An Internet hosting option where an organization leases an entire server, fully dedicated to their use. This is also an option in the public cloud. The price for a Dedicated Host varies by instance family, region, and payment option.

dedicated instance

Amazon EC2 instance that runs on single-tenant hardware dedicated to a single customer.

dedicated reserved instance

An option you can purchase from a cloud vendor to guarantee that sufficient capacity will be available to launch Dedicated Instances into a virtual private cloud (VPC).

deduplication
  • Also known as: intelligent compression, single-instance storage

​Method of removing redundancies from data before transmission.

deep packet inspection
  • Also known as: DPI

A form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination.

demilitarized zone
  • Also known as: DMZ

A physical or logical sub-network that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN). An external network node has direct access only to equipment in the DMZ, rather than to any other part of the network.

deployment group
  • Also known as: Amazon Web Services

In AWS CodeDeploy, a set of individually tagged instances, EC2 instances in Auto Scaling groups, or both.

destination NAT

Changing the destination address/port in the IP header of a packet. Example: redirecting incoming packets with a destination of a public address/port to a private IP address/port inside the network.

DHA
  • Also known as: Dedicated High Availability, Direct High Availability

The standalone form of the high availability (HA) cluster, that does not use the NextGen Control Center.

DHCP Relay service
  • Also known as: DHCP Relay agent, Dynamic Host Configuration Protocol

Allows passing DHCP broadcast messages to network segments a client computer is not directly attached to.

DHCP service

The DHCP service on the CloudGen Firewall automatically assigns IP addresses to clients that reside in a defined subnet.

Diffie-Hellman
  • Also known as: DH

Key exchange algorithm that allows two devices to establish a shared secret over an unsecure network.

digital signature

A mathematical scheme for demonstrating the authenticity of a digital message or document.

direct server return
  • Also known as: DSR

An option associated with a destination server that allows for increased outbound traffic throughput when performing sustained uploads, such as streamed audio or visual media.

disaster recovery

Involves a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

distro
  • Also known as: Linux Distribution

A distribution form of Linux. For example, Red Hat and SuSe.

DNS
  • Also known as: Domain Name System

Distributed database that translates domain names, like www.example.com, into unique IP address.

DNS Cache
  • Also known as: DNS resolver cache

A temporary database, maintained by a computer's operating system, that contains records of all recent visits and attempted visits to websites and other Internet domains.

DNS interception

Allows redirection or blocking of DNS queries for specific domains. In the Barracuda CloudGen Firewall, this is achieved by applying policies. When creating a policy, you can also specify allowing (whitelisting) certain domains.

DNS record

Database record used to map a URL to an IP address.

DNS record set

The collection of DNS records in a zone that have the same name and are of the same type. Also known as a resource record set.

DNS reputation filtering

Filtering mail traffic based on a DNS reputation database. Used by the Spam Filter service (blacklist, DNSBL).

DNS service

Service on the Barracuda CloudGen Firewall F-Series that makes the firewall an authoritative DNS server, returning definitive answers to DNS queries about domain names specified in its configuration.

DNS sinkhole

A DNS server that gives out false information, to prevent the use of a domain name. Also known as a black hole DNS.

DNS zone

Portion or administrative space within the global Domain Name System (DNS). Each DNS zone represents a boundary of authority, subject to management by certain entities. The total of all DNS zones are organized in a hierarchical, tree-like order of cascading lower-level domains and form the DNS namespace.

Docker

Open-source software that automates the deployment of applications inside virtualized software containers.

Docker image

A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications.

DomainKeys Identified Mail
  • Also known as: DKIM

Email authentication method designed to detect email spoofing.

DoS attack
  • Also known as: Denial of Service attack, spoofing

A  cyber-attack where the perpetrator seeks to make a computer or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of Service attacks are typically accomplished by flooding the target with superfluous requests in an attempt to overload systems and prevent legitimate requests from being fulfilled. See also Distributed Denial of Service or DDoS.

Dst NAT rule
  • Also known as: Destination NAT Firewall Rule

Access rule that redirects traffic sent to an external IP address to a destination in the internal network.

dynamic firewall rule

A forwarding acces rule with a time schedule.

dynamic mesh site-to-site VPN

A central firewall acts as VPN hub. Remote units are connected by a static tunnel. When relay traffic from a remote firewall to another remote NextGen Firewall is detected by the hub, a dynamic VPN tunnel is imitated between the two remote firewalls. 

dynamic path selection

Term used in context with Traffic Intelligence (TI). Using dynamic path selection, the session is balanced depending on the amount of traffic.

dynamic routing

Routing that adjusts automatically to network topology or traffic changes. Also called adaptive routing.

dynamic routing protocol

Protocol used for dynamic routing. The Barracuda CloudGen Firewall provides dynamic routing support for OSPF, RIP, and BGP.

DynamoDB

A fully managed Amazon NoSQL database service that provides fast and predictable performance with seamless scalability.

EC2
  • Also known as: Amazon Elastic Compute Cloud

Forms a central part of AWS by allowing users to rent virtual computers on which to run their own computer applications.

edge location

Used by the AWS service CloudFront. Feature that offers content to end users via geographically closer locations to improve their experience.

EGP
  • Also known as: Exterior Gateway Protocol

Internet protocol for exchanging routing information between autonomous systems. 

Elastic Beanstalk

A web service for deploying and managing applications in the AWS cloud without worrying about the infrastructure that runs those applications.

elastic computing

The ability to dynamically provision and deprovision computing and storage resources to stretch to the demands of peak usage, without the need to worry about capacity planning and engineering around uneven usage patterns.

elastic load balancer

AWS web service that improves an application's availability by distributing incoming traffic between two or more EC2 instances.

Elasticsearch

An open-source, real-time, distributed search and analytics engine used for full-text search, structured search, and analytics. Elasticsearch was developed by the Elastic company.

email encryption

Encrypting email messages to prevent their content by being read by anyone other than the intended recipient.

encapsulation

Placing one protocol inside of another. 

encrypt

To convert information or data into a cipher or code, especially to prevent unauthorized access. Antonym: unencrypt. 

Energize Updates

Provides Barracuda Networks products with protection from the latest Internet threats. These updates are sent out hourly, or more frequently if needed, to ensure that appliances always have the latest and most comprehensive protection. Barracuda Energize Updates subscriptions must be purchased with any Barracuda Networks appliance. Includes basic support, firmware maintenance, security updates, and early release firmware.

enterprise network

A networking system that allows communication and resource sharing among all of a company's business functions and workers.

envelope encryption

The use of a master key and a data key to algorithmically protect data. The master key is used to encrypt and decrypt the data key and the data key is used to encrypt and decrypt the data itself.

Ethernet

Local area network technology that uses special twisted pair or fiber optical cables. As per the OSI model, Ethernet provides services up to and including the data link layer.

Ethernet bundle

Ethernet bundles combine multiple physical ports to a single virtual link to increase the physical bandwidth available for the connection.

EULA

Contract between the Barracuda and the purchaser, establishing the purchaser's right to use Barracuda software.

evasion

Bypassing an information security device in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.

exploit

The use of software, data, or commands to 'exploit' a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack, Trojan horses, worms, or viruses.

external blocklist services
  • Also known as: RBLs, DNSBLs

Lists of IP addresses from which potential spam originates.

external Control Center admins

false positive

A result that indicates a given condition is present, when it is not.

firewall object

A named collection that represents specific networks, services, applications, user groups, or connections for reference in access rules on the Barracuda CloudGen Firewall. 

firmware

Model version of a Barracuda Networks product.

flooding

A Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic.

Flow Logs

AWS service that enables you to capture information about the IP traffic going to and from network interfaces in a VPC.

forensics

Techniques of examining digital media with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.

forward lookup zone

Forward lookup zones support the primary function of Domain Name System (DNS), that is, the resolution of host names to IP addresses.

forward proxy

An intermediary for requests from clients under an administrator's control to areas that are not under the administrator's control. Sometimes called "proxy" without the word "forward".

Forwarding Firewall service

Configurable firewall service of the Barracuda CloudGen Firewall. The Forwarding Firewall service can be added to every virtual server.

FQDN
  • Also known as: Fully Qualified Domain Name

The Fully Qualified Domain Name includes host name, as well as all enclosing domains, and is often distinguished by the use of a terminating dot: (host.subdomain.domain.).

front end

The front end is responsible for collecting input in various forms from the user.

front-end server

The front-end server is an extension of the back-end server and is designed to provide scalability.

FSAC
  • Also known as: Secure Access Concentrator

The Secure Access Concentrator (FSAC) device is a Barracuda NextGen FSC-Series feature that forwards management traffic from Secure Connectors (FSACs) to a NextGen Control Center.

FSC
  • Also known as: Secure Connector

A Secure Connector (FSC) device is a Barracuda CloudGen FSC-Series feature that connects to a regional Secure Access Concentrator (FSAC) via TINA VPN, that then forwards management traffic to a Firewall Control Center.

FSC Firewall

A firewall service on tha Barracuda CloudGen Firewall FSC-Series that allows you to create rules defining access, source, and destination NAT based on network zones defined for Secure Connectors (FSCs).

FTP
  • Also known as: File Transfer Protocol

Standard network protocol used to transfer files between a client and server on a computer network.

FTP Gateway service

Service on the Barracuda CloudGen Firewall that provides access to an FTP server, handles FTP traffic, and lets the administrator define user-specific profiles with permissions and restrictions for FTP access.

FTP proxy

Allows the proxy to control FTP traffic. When a client uploads or downloads files, the proxy identifies the traffic as FTP, allowing the appliance to control file transfers using TCP optimization and caching.

FTPS

Extension to FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

full duplex

A communication system between two entities in which either entity can transmit simultaneously. Compare to half duplex.