Glossary

Main page of many Barracuda Networks product interfaces, providing a summary of the system. Formerly known as the Status tab.

A facility used to house computer systems and associated components, such as telecommunications and storage systems.

Data Theft means the illegal copy of personal information of other individuals or business. The information may be social security number, passwords, credit card information, other personal information, and/or other confidential corporate information. Barracuda WAF helps prevent unintended exposure of such data by matching response body information with pre-defined data theft patterns.

Occurs when data or a data stream is stored in a location too short to hold its entire length. May occur automatically, such as when a long string is written to a smaller buffer, or deliberately, when only a portion of the data is wanted.

Document that summarizes the performance and other technical characteristics of a product, machine, component (e.g., an electronic component), material, a subsystem (e.g., a power supply) or software in sufficient detail to be used by a design engineer to integrate the component into a system.

When configured with Microsoft Active Directory (MSAD) authentication, the Barracuda DC Agent (Domain Controller Agent) allows transparent authentication monitoring with the Barracuda Networks products and Microsoft domain controllers.

Remote procedure call system that allows programmers to write distributed software without having to worry about the underlying network code.

A Distributed Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet, using more than one, often thousands of, unique IP addresses.

An Internet hosting option where an organization leases an entire server, fully dedicated to their use. This is also an option in the public cloud. The price for a Dedicated Host varies by instance family, region, and payment option.

Amazon EC2 instance that runs on single-tenant hardware dedicated to a single customer.

An option you can purchase from a cloud vendor to guarantee that sufficient capacity will be available to launch Dedicated Instances into a virtual private cloud (VPC).

​Method of removing redundancies from data before transmission.

A form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination.

A physical or logical sub-network that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN). An external network node has direct access only to equipment in the DMZ, rather than to any other part of the network.

In AWS CodeDeploy, a set of individually tagged instances, EC2 instances in Auto Scaling groups, or both.

Changing the destination address/port in the IP header of a packet. Example: redirecting incoming packets with a destination of a public address/port to a private IP address/port inside the network.

The standalone form of the high availability (HA) cluster, that does not use the NextGen Control Center.

Allows passing DHCP broadcast messages to network segments a client computer is not directly attached to.

The DHCP service on the CloudGen Firewall automatically assigns IP addresses to clients that reside in a defined subnet.

Key exchange algorithm that allows two devices to establish a shared secret over an unsecure network.

A mathematical scheme for demonstrating the authenticity of a digital message or document.

An option associated with a destination server that allows for increased outbound traffic throughput when performing sustained uploads, such as streamed audio or visual media.

Involves a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

A distribution form of Linux. For example, Red Hat and SuSe.

Distributed database that translates domain names, like www.example.com, into unique IP address.

A temporary database, maintained by a computer's operating system, that contains records of all recent visits and attempted visits to websites and other Internet domains.

Allows redirection or blocking of DNS queries for specific domains. In the Barracuda CloudGen Firewall, this is achieved by applying policies. When creating a policy, you can also specify allowing (whitelisting) certain domains.

Database record used to map a URL to an IP address.

The collection of DNS records in a zone that have the same name and are of the same type. Also known as a resource record set.

Filtering mail traffic based on a DNS reputation database. Used by the Spam Filter service (blacklist, DNSBL).

Service on the Barracuda CloudGen Firewall F-Series that makes the firewall an authoritative DNS server, returning definitive answers to DNS queries about domain names specified in its configuration.

A DNS server that gives out false information, to prevent the use of a domain name. Also known as a black hole DNS.

Portion or administrative space within the global Domain Name System (DNS). Each DNS zone represents a boundary of authority, subject to management by certain entities. The total of all DNS zones are organized in a hierarchical, tree-like order of cascading lower-level domains and form the DNS namespace.

Open-source software that automates the deployment of applications inside virtualized software containers.

A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications.

Email authentication method designed to detect email spoofing.

A  cyber-attack where the perpetrator seeks to make a computer or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of Service attacks are typically accomplished by flooding the target with superfluous requests in an attempt to overload systems and prevent legitimate requests from being fulfilled. See also Distributed Denial of Service or DDoS.

Access rule that redirects traffic sent to an external IP address to a destination in the internal network.

A forwarding acces rule with a time schedule.

A central firewall acts as VPN hub. Remote units are connected by a static tunnel. When relay traffic from a remote firewall to another remote NextGen Firewall is detected by the hub, a dynamic VPN tunnel is imitated between the two remote firewalls. 

Term used in context with Traffic Intelligence (TI). Using dynamic path selection, the session is balanced depending on the amount of traffic.

Routing that adjusts automatically to network topology or traffic changes. Also called adaptive routing.

Protocol used for dynamic routing. The Barracuda CloudGen Firewall provides dynamic routing support for OSPF, RIP, and BGP.

A fully managed Amazon NoSQL database service that provides fast and predictable performance with seamless scalability.

Forms a central part of AWS by allowing users to rent virtual computers on which to run their own computer applications.

Used by the AWS service CloudFront. Feature that offers content to end users via geographically closer locations to improve their experience.

Internet protocol for exchanging routing information between autonomous systems. 

A web service for deploying and managing applications in the AWS cloud without worrying about the infrastructure that runs those applications.

The ability to dynamically provision and deprovision computing and storage resources to stretch to the demands of peak usage, without the need to worry about capacity planning and engineering around uneven usage patterns.

AWS web service that improves an application's availability by distributing incoming traffic between two or more EC2 instances.

An open-source, real-time, distributed search and analytics engine used for full-text search, structured search, and analytics. Elasticsearch was developed by the Elastic company.

Encrypting email messages to prevent their content by being read by anyone other than the intended recipient.

Placing one protocol inside of another. 

To convert information or data into a cipher or code, especially to prevent unauthorized access. Antonym: unencrypt. 

Provides Barracuda Networks products with protection from the latest Internet threats. These updates are sent out hourly, or more frequently if needed, to ensure that appliances always have the latest and most comprehensive protection. Barracuda Energize Updates subscriptions must be purchased with any Barracuda Networks appliance. Includes basic support, firmware maintenance, security updates, and early release firmware.

A networking system that allows communication and resource sharing among all of a company's business functions and workers.

The use of a master key and a data key to algorithmically protect data. The master key is used to encrypt and decrypt the data key and the data key is used to encrypt and decrypt the data itself.

Local area network technology that uses special twisted pair or fiber optical cables. As per the OSI model, Ethernet provides services up to and including the data link layer.

Ethernet bundles combine multiple physical ports to a single virtual link to increase the physical bandwidth available for the connection.

Contract between the Barracuda and the purchaser, establishing the purchaser's right to use Barracuda software.

Bypassing an information security device in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.

The use of software, data, or commands to 'exploit' a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack, Trojan horses, worms, or viruses.

Lists of IP addresses from which potential spam originates.

A result that indicates a given condition is present, when it is not.

A named collection that represents specific networks, services, applications, user groups, or connections for reference in access rules on the Barracuda CloudGen Firewall. 

Model version of a Barracuda Networks product.

A Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic.

AWS service that enables you to capture information about the IP traffic going to and from network interfaces in a VPC.

Techniques of examining digital media with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.

Forward lookup zones support the primary function of Domain Name System (DNS), that is, the resolution of host names to IP addresses.

An intermediary for requests from clients under an administrator's control to areas that are not under the administrator's control. Sometimes called "proxy" without the word "forward".

Configurable firewall service of the Barracuda CloudGen Firewall. The Forwarding Firewall service can be added to every virtual server.

The Fully Qualified Domain Name includes host name, as well as all enclosing domains, and is often distinguished by the use of a terminating dot: (host.subdomain.domain.).

The front end is responsible for collecting input in various forms from the user.

The front-end server is an extension of the back-end server and is designed to provide scalability.

The Secure Access Concentrator (FSAC) device is a Barracuda NextGen FSC-Series feature that forwards management traffic from Secure Connectors (FSACs) to a NextGen Control Center.

A Secure Connector (FSC) device is a Barracuda CloudGen FSC-Series feature that connects to a regional Secure Access Concentrator (FSAC) via TINA VPN, that then forwards management traffic to a Firewall Control Center.

A firewall service on tha Barracuda CloudGen Firewall FSC-Series that allows you to create rules defining access, source, and destination NAT based on network zones defined for Secure Connectors (FSCs).

Standard network protocol used to transfer files between a client and server on a computer network.

Service on the Barracuda CloudGen Firewall that provides access to an FTP server, handles FTP traffic, and lets the administrator define user-specific profiles with permissions and restrictions for FTP access.

Allows the proxy to control FTP traffic. When a client uploads or downloads files, the proxy identifies the traffic as FTP, allowing the appliance to control file transfers using TCP optimization and caching.

Extension to FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

A communication system between two entities in which either entity can transmit simultaneously. Compare to half duplex.