Glossary

Object-based, scalable object storage in the AWS cloud.

Software licensing and delivery system in which software is licensed on a subscription basis and is centrally hosted.

Feature of Google Search that acts as an automated filter of pornography and potentially offensive content.

An online SaaS company that is best known for delivering customer relationship management (CRM) software to companies over the Internet.

A version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority (an identity provider) and a SAML consumer (a service provider). SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.

A security mechanism for separating untested or untrusted programs or code, without risking harm to the host environment.

The suitability of a network system to operate properly and efficiently when configured on a large scale.

Network layer protocol that provides extended routing, flow control, segmentation, connection orientation, and error correction facilities in Signaling System 7 telecommunications networks.

Protocol that supports the secure issuing of certificates to network devices in a scalable manner, using existing technology whenever possible. 

A specification (ANSI X3T9.2) for a short distance Local Area Network (up to 6 meters) using bus topology for up to eight devices. 

A wide area network controlled by software. Control and data are decoupled, simplifying both network hardware and management.

Set of software development tools that allows the creation of applications for a certain software package.

A port on a computing device that is capable of either transmitting or receiving one bit at a time. 

The Barracuda Server Agent is used to proxy traffic for resources located in a network that cannot be reached directly by the Barracuda SSL VPN.

Certificate for a server, signed by a valid, trusted entity, that allows access without further validation.

Certificate for a service, signed by a valid, trusted entity, that allows access without further validation. 

A firewall object that references services on the Barracuda CloudGen Firewall. Can be applied to an access rule. 

The layer in the OSI 7-Layer Model that is concerned with managing the resources required for the session between two computers.

A secure hash algorithm, or a set of algorithms, developed by the National Institutes of Standards and Technology (NIST) and other government and private parties.

Algorithm that reads its input exactly once, in order, without unbounded buffering. Generally requires O(n) time and less than O(n) storage (typically O), where n is the size of the input.

A session and user authentication service that permits a user to use one set of login credentials to access multiple applications. 

Communications protocol for signaling and controlling multimedia communication session such as voice and video calls.

In VoIP (Voice over Internet Protocol) technology, SIP proxies are elements that route SIP requests to user agent servers and SIP responses to user agent clients. The SIP Proxy service on the Barracuda NextGen Firewall helps establish a VOIP call with an external SIP provider.

Securely connects entire networks to each other, for example, connecting a branch office network to a company headquarters network.

A contractual agreement by which a service provider defines the level of service, responsibilities, priorities, and guarantees regarding availability, performance, and other aspects of the service.

Operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

Multi-Factor Authentication (MFA) solution that adds an extra security layer for a broad range of authentication clients.

Internet standard for electronic mail transmission.

IBM's communications architecture and strategy.

Capture of the state of a system at a particular point in time.

A standard for management of networked devices using a simple request-response data retrieval mechanism. Used for collecting information, along with configuring network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

The SNMP service is used to remotely monitor the network and system state of a Barracuda NextGen Firewall using a network management system (NMS).

Feature to push notifications to mobile services and trigger actions, in Amazon Web Services (AWS).

Network package format for time synchronization, similar to NTP, only recommended for simple applications.

A nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents for social security purposes.

Changing the source address/port in the IP header of a packet. Example: changing a private IP address/port into a public address/port in the IP header of a packet leaving the network.

Used when the source IP address of the connection determines, either in whole or in part, which route is used.

Unwanted email messages, usually for advertising purposes and usually sent in bulk.

Service on the Barracuda CloudGen Firewall that detects, filters, and removes spam.

Mail filter that is integrated in the Barracuda NextGen Firewall SPAM Filter service.

An email address that is set up by an anti-spam entity, not for correspondence, but to monitor unsolicited email. 

A protocol enabling the owner of an Internet domain to specify which computers are authorized to send mail with envelope-from addresses from their own domain. 

Putting jobs in a buffer, a special area in memory, or on a disk where a device can access them when the device is ready. Spooling is useful because devices access data at different rates. The buffer provides a waiting station where data can rest while the slower device catches up.

Purchasing option that allows a customer to purchase unused Amazon EC2 computer capacity at a highly-reduced rate.

Software that gathers information about a person or organization without their knowledge.

A standard metalanguage for data base access and management.

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service.

A solid-state storage device that uses integrated circuit assemblies as memory to store data persistently.

Service on the Barracuda NextGen Firewall that allows regulating SSH connections. 

Standard security technology for establishing an encrypted link between a server and a client - typically a web server and a browser, or a mail server and a mail client.

A digital certificate that is installed on a web server, authenticates the identity of the website, and encrypts the data that is transmitted.

The standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.Transport Layer Security (TLS) is the successor to SSL, and is sometimes referred to as "SSL".

SSL Inspection transparently unencrypts, inspects, and and re-encrypts HTTPS traffic. Also has the ability to block a small section of an HTTP site (for example, allowing Google traffic, but blocking Google Play).

Barracuda CloudGen Firewall feature, used to examine HTTP/S traffic.

VPN client that can be installed on the Barracuda CloudGen Firewall and then accessed through the Barracuda SSL VPN web portal. (Barracuda SSL VPN is a different product.)

Service on the Barracuda CloudGen Firewall that manages SSL VPN connections. (Barracuda SSL VPN is a different product.)

Firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.

Route that is explicitly configured and entered into the routing table. Static Routes take precedence over routes chosen by dynamic routing protocols.

Hosting of a static website in Amazon S3. When a bucket is enabled for Static website hosting, all content is accessible to web browsers via the Amazon S3 website endpoint of the bucket.

Procedure that defines how statistic logs are processed and how long they are kept on a system.

Services that collect data from systems and process it according to specified transfer settings.

A secure account that gives you access to services in Microsoft Azure storage.

Data compression technique used in wireless networks.

Method to combine performance and throughput of Amazon EBS volumes to a single logical volume.

OSPF area that carries a default route, intra-area routes, and interarea routes, but does not carry external routes. Virtual links cannot be configured across a stub area, and they cannot contain an ASBR.

Offloading large attachments from a mail server.

Partitioning of an IP address space into several smaller address spaces.

Method for handling of log file messages that are to be transferred to another system for analyzing purposes.

A service for external authentication that provides centralized user and group management and offers extended logging options.

An intrusion into a network cable by a connector.

Improves the TCP stack and brings uniformity to TCP sessions. Mitigates the inherent lack of performance in TCP slow start and general flow control, which can slow data transfers. TFO techniques fill the pipe and reduce latency, resulting in faster transfers and optimal bandwidth use.

The TCP Proxy is placed between browser and web server and filters requests and responses in TCP streams.

Part of the processing of TCP IP traffic that consists of fragmenting, sending, and reassembling packets.

A Transport and Network Layer Protocol, respectively, used for communication in the Internet and often in private networks.

A protocol to access a remote computer system, often a Unix system, over the network. Origin: Teletype Network.

A time-restricted grant of access to certain areas that are usually off-limits, without having to change the usual organization's policy. For example, for a special project on a certain date, teachers can grant temporary access for students to view specific domains or categories of domains that are usually blocked by school policy.

Communications processor that connects asynchronous devices such as terminals, printers, hosts, and modems to any LAN or WAN that uses TCP/IP, X.25, or LAT protocols.

A simplified version of FTP (file tranfer protocol).

The path along which an attack occurs, like a web application, email, or a remote user.

The automatic restricting or slowing down of a process based on one or more limits.

A sub-feature of Guest Access that allows administrators to create voucher codes for access authentication.

A date/time string to mark an occurrence of an event. 

The abbreviation TINA stands for Transport-Independent Network Architecture. It is the Barracuda VPN protocol. The Barracuda VPN protocol. A proprietary extension of the IPsec protocol developed to improve VPN connectivity and availability over the standard IPsec protocol.

The last part of a hostname.

In addition to site-to-site VPN, enables locations to maintain connectivity even if one or more transports are down. See also Dynamic Path Selection.

Feature that is designed to improve the speed and reliability of business-critical applications by prioritizing important traffic.

A WAN optimization technique that allows a certain amount of available bandwidth for mission critical applications and traffic. See also Traffic Shaping.

Traffic shaping prioritizes network resources according to factors such as time of day, application type, and user identity. Used to optimize or guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of network traffic by delaying other kinds.

A central VPC, configured to minimize the number of connections required to connect multiple VPCs and remote networks.

A VPN client that lets you establish transparent network access (Layer 3) to internal company network infrastructures.

Synchronization of all forward packet sessions (inbound and outbound TCP, UDP, ICMP-Echo, and other IP protocols) of the firewall server between two HA partners. 

The HTTP Proxy operates transparently to the clients in the network.

Cryptographic protocol that provides communications security over a computer network.

Enables the Barracuda NextGen Firewall to authenticate users with login information from a Microsoft Terminal Server.

Enable you to create network routes for traffic between subnets and to the Internet.

A third generation mobile cellular system for networks based on the GSM standard.

To decrypt encrypted data. The antonym of encrypt.

Product or system.

Barracuda's database of web sites, with policies set by category. URLs are checked against the database and access granted or denied based on your policies. For example, you can prevent company staff from surfing on Facebook or adult sites during office hours.

A firewall object that can be applied to an application rule on the Barracuda CloudGen Firewall. Application rules containing this type of object are only processed if the URL categories defined in the object are detected.

URL filtering service on the Barracuda NextGen Firewall F-Series that can use two Web Security Gateway engines.

Software that acts on behalf of the user. For example, an agent might give information about a user's browser and operating system to a web site.

List of keywords used for content negotiation in HTTP, where the origin server selects suitable parameters for a response. Contributes to the information that the client sends to the server.

Security term for traffic monitoring based on username, host, and IP address.

A firewall object that references users and groups. Can be applied to an access or application rule on the Barracuda CloudGen Firewall. 

The evolution of the traditional firewall into an all-inclusive security product, able to perform multiple security functions within one single system.