Glossary

Symmetric-key block cipher used in data encryption that applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.

Wireless networking standard that uses multiple antennas to increase data rates. 

IEEE 802.1Q is a standard for virtual LANs (VLANs) on an Ethernet network that defines VLAN tagging for Ethernet frames and frame handling for bridges and switches, and contains provisions for a quality of service prioritization scheme (IEEE 802.1p). It also defines the Generic Attribute Registration Protocol.

A hardware addition to an existing computing device that increases the computer's processing speed and capabilities.

Constrains the flow of traffic by individual IP address or by a range of IP addresses.

Forwarding rule that determines how clients on a source network access resources on a destination network.

Enables you to configure Microsoft Exchange accounts on a mobile device.

Technique of analyzing request and response traffic to generate customized security profiles for the web application. See also exception profiling. 

Software utility that can be used in conjunction with a device or service; for example, Barracuda Outlook Add-In.

A piece of software that enhances another software application and usually cannot be run independently.

Technique that allows different protocols to interoperate by translating addresses from one format to another.

Malicious cyber attacks directed at a specific target, usually over a long period of time. APTs are often run by professional organizations, looking to steal information rather than just money.

Service that analyzes inbound email attachments with most MIME types in a separate, secured cloud environment, detecting new threats and determining whether to block such messages. Formerly known as Advanced Threat Detection, or ATD.

A specification for the encryption of electronic data. 256-bit refers to the key length and is the maximum value.

Amazon's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.

AWS template that contains configuration, application server, and applications required to launch an EC2 AWS Instance.

Mobile device operating system. Compare to Apple iOS.

Protection against network attacks that combine several different known evasion methods to create a new technique that is delivered over several layers of the network simultaneously. 

Protection against attacks that involve obfuscated code. Obfuscation may involve encrypting code, stripping out potentially revealing metadata, renaming useful class and variable names, or adding meaningless code to an application binary. 

Antivirus software, abbreviated: AV. Used to prevent, detect and remove malicious software.

 A set of tools and procedures provided by the programmer of an application so that other programmers can control, exchange data with, or extend the functionality of an application.

Access Point Name provided by an ISP for wireless WAN connections.

Apple mobile operating system for devices such as iPhone and iPad. Compare to Android.

Device or piece of equipment.

Layer 7 of the OSI reference model. This layer provides services to application processes (such as electronic mail, file transfer, and terminal emulation) that are outside of the OSI model.

AWS feature that makes routing decisions at the application layer (HTTP/S), supports path-based routing, and can route requests to one or more ports on each EC2 instance or container instance in a VPC.

Firewall rule that allows you to block or throttle traffic for detected applications.

Protocol for mapping IP addresses to physical addresses such as Ethernet or Token Ring.

Type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.

Referring to a standard 7-bit character system that includes the alphanumeric characters and printer control codes.

Name server that gives answers in response to queries about names in a DNS zone.

Associated with DNS. A section of the domain-name tree for which one name server is the authority.

A web service designed to launch or terminate AWS instances automatically based on user-defined policies, schedules, and health checks.

A representation of multiple EC2 instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.

Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the IANA. 

A distinct location within an AWS region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.

Enables you to use the Internet privately through AWS cloud services by linking your internal network to an AWS Direct Connect location. You can create virtual interfaces directly to the AWS cloud and to Amazon VPC, bypassing Internet service providers in your network path.

A managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.

A named set of AWS resources in the same geographical area. A region comprises at least two Availability Zones.

A simple and intuitive web-based user interface to access and manage AWS.

Microsoft's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.

Azure deployment mode that enables you to work with the resources in your solution as a group. Recommended for new deployments.

Part of the back-end process, that usually consists of server, application, and database. The back end is where the technical processes happen, as opposed to the front end, which is usually where the user's interaction occurs.

Referring to the Internet, a central network that provides a pathway for other networks to communicate.

Operating mode for Ethernet bundles where the link is chosen by calculating the hash out of the source/destination MAC (Layer 2) combined with the IP addresses (Level 3).

Rate of data transfer, usually expressed in multiples of bits per second (bps).

Online documentation and training material for all Barracuda Networks products, located at campus.barracuda.com. Contains feature descriptions, how-to articles, and release notes. Formerly known as Barracuda University and Barracuda TechLibrary.

Provides a wide range of statistics, threat information, and a number of useful services to help manage and secure your network. Shares information with Barracuda Networks customers and the Internet security community. 

A complementary component of all Barracuda Networks products, providing an added layer of protection and scalability.

A comprehensive cloud-based service that enables administrators to monitor and configure multiple Barracuda Networks products from a single console.

Enterprise-grade, cloud-generation firewall, purpose-built for efficient deployment and operation within dispersed, highly dynamic, and security-critical network environments.The product was formerly known as Barracuda NextGen Firewall or Barracuda NG Firewall and in Q1 2018 got renamed to CloudGen Firewall to emphasize its abilities to protect cloud and dispersed networks.

Credentialed account used to log into Barracuda Services and Barracuda Appliance Control.

Contact Barracuda Networks Technical Support if you need help with your Barracuda Networks product. Visit https://www.barracuda.com/support/index for details.

Application-aware network firewall appliance, designed for organizations without dedicated IT personnel to manage firewalls.

Web Security Gateway engine used by the URL Filter service on the Barracuda NextGen Firewall F-Series. The Barracuda NG Web Security Filter can only be used in combination with the HTTP proxy and is not compatible with Application Control. Requires a Barracuda NG Web Security Gateway subscription.

Entry point into Barracuda cloud services.

A database maintained by Barracuda Central and includes a list of IP addresses of known, good senders as well as known spammers, or IP addresses with a poor reputation.

Database of IP addresses manually verified to be noted sources of spam.

Barracuda Networks' web application vulnerability management solution to help businesses automatically identify, assess, and mitigate web application security risks including those categorized by the Open Web Application Security Project (OWASP) including SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others.See also Barracuda Vulnerability Remediation Service (BVRS).

A free add-on to the Barracuda Web Application Firewall, enables automatic scanning, remediation, and maintenance of web application policies.See also Barracuda Vulnerability Manager (BVM).

Barracuda's product that blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target applications hosted on web servers and in the cloud. 

A tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces.

The standard TCP/IP naming service that links network names with IP addresses.

Storage device that moves data in sequences of bytes or bits (blocks). Example: hard disk, CD-ROM drive, flash drive.

Defines the block devices (instance store volumes and EBS volumes) to attach to an AWS instance. 

List of domains, users, or hosts that are denied access, especially refers to mail and web traffic. Sometimes known as blacklist. Compare to allow list or whitelist.

Licence-free symmetric encryption algorithm that can be used as a replacement for the DES and IDEA algorithms.

A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, for example, to send spam messages. The word botnet is a combination of the words “robot” and “network”.

The action taken by network equipment to create an aggregate network from either two or more communication networks, or two or more network segments. Bridging is distinct from routing, which allows multiple different networks to communicate independently while remaining separate.

Protection against a brute-force attack, which consists of systematically checking all possible keys or passwords until the correct one is found. This type of attack uses a large number of attempts to gain access to a system.

In AWS, container for objects that can be stored in Amazon S3.

The practice of allowing employees or members of an organization to use their own computers, phones, or other devices for work.

Data deduplication method that analyzes data streams at the byte level by performing a byte-by-byte comparison of new data streams versus previously stored ones.

Licence-free symmetric encryption algorithm (key block cipher).

A document or seal certifying the authenticity of something. A digital certificate certifies the ownership of a public key. This allows relying parties to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.

Log of configuration changes on the appliance. Can be found in the release notes of the product.

The result of a mathematical operation that uses the binary representation of a group of data as its basis, usually to check the integrity of the data.

Technique supported by BGP4 and based on route aggregation. CIDR allows routers to group routes together in order to cut down on the quantity of routing information carried by the core routers. 

Standard for sharing files across the Internet.

Classes of IP addresses as defined in the Internet Protocol hierarchy.

In AWS, a Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS), and supports either EC2-Classic or a VPC (virtual private cloud).

Malicious technique where a user is tricked into clicking on a button or link on a website using hidden clickable elements inside an invisible iFrame.

A search engine optimization (SEO) technique in which the content presented to the search engine spider is different from that presented to the user’'s browser.

AWS cloud integration allows the firewall to connect directly to the AWS service fabric to rewrite routes in AWS route tables and to retrieve information for the cloud element on the dashboard. Cloud integration also works with Azure.

A computer operating system that is specially designed to run in a provider's datacenter and be delivered to the user over the Internet or another network. Windows Azure is an example of a cloud operating system or 'cloud layer' that runs on Windows Server 2008.

The ability to move applications and data from one cloud provider to another. This is the opposite of "vendor lock-in".

A service offered by cloud storage providers whereby data is transformed using encryption algorithms and is then placed on a storage cloud.

AWS management tool that lets you create, manage, and update a collection of AWS resources using templates and allowing Json code for template deployment.

Host uploaded content and can be deployed in CloudFormation, an AWS feature.

An AWS content delivery service that helps you improve the performance, reliability, and availability of your websites and applications.

Replacing traditional IT operations with lower-cost, outsourced cloud services.

AWS management tool to monitor resources and applications. Aggregates data and metrics (cpu load, network throughput, disk io, etc), filters it, and provides alarm actions.

Global settings that apply to a cluster on a Barracuda NextGen Control Center.

In Ethernet, the network area within which frames that have collided are propagated. Repeaters and hubs propagate collisions. LAN switches, bridges and routers do not.

Text string that acts as a password and is used to authenticate messages sent between a management station and a router containing an SNMP agent. The community string is sent in every packet between the manager and the agent.

The process of encoding digital information by using fewer bits.

Traffic in excess of network capacity.

AWS feature, lets you scale down EC2 instances to reduce sessions.

Barracuda Web Application Firewall (WAF) feature. A cache of database connections is maintained so those connections can be reused when future requests to the database are required. Connection pools are used to enhance the performance of executing commands on a database and also cuts down on the amount of time a user must wait to establish a connection to the database.

A distributed system consisting of servers in discrete physical locations, configured in a way that clients can access the server closest to them on the network, thereby improving speeds.

Masks the virtualization environment, so payload can be detonated more effectively.

Feature of S3 storage class in AWS. Once enabled, every object uploaded to a particular S3 bucket is automatically replicated to a designated destination bucket located in a different AWS region.

A type of computer security vulnerability, typically found in web applications, that enables attackers to inject client-side scripts into web pages viewed by users.

Main page of many Barracuda Networks product interfaces, providing a summary of the system. Formerly known as the Status tab.

A facility used to house computer systems and associated components, such as telecommunications and storage systems.

Data Theft means the illegal copy of personal information of other individuals or business. The information may be social security number, passwords, credit card information, other personal information, and/or other confidential corporate information. Barracuda WAF helps prevent unintended exposure of such data by matching response body information with pre-defined data theft patterns.

Occurs when data or a data stream is stored in a location too short to hold its entire length. May occur automatically, such as when a long string is written to a smaller buffer, or deliberately, when only a portion of the data is wanted.

Document that summarizes the performance and other technical characteristics of a product, machine, component (e.g., an electronic component), material, a subsystem (e.g., a power supply) or software in sufficient detail to be used by a design engineer to integrate the component into a system.

Remote procedure call system that allows programmers to write distributed software without having to worry about the underlying network code.

A Distributed Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet, using more than one, often thousands of, unique IP addresses.

An Internet hosting option where an organization leases an entire server, fully dedicated to their use. This is also an option in the public cloud. The price for a Dedicated Host varies by instance family, region, and payment option.

Amazon EC2 instance that runs on single-tenant hardware dedicated to a single customer.

An option you can purchase from a cloud vendor to guarantee that sufficient capacity will be available to launch Dedicated Instances into a virtual private cloud (VPC).

An attack on a website that changes the visual appearance of the site or a web page.

A physical or logical sub-network that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN). An external network node has direct access only to equipment in the DMZ, rather than to any other part of the network.

Changing the destination address/port in the IP header of a packet. Example: redirecting incoming packets with a destination of a public address/port to a private IP address/port inside the network.

A mathematical scheme for demonstrating the authenticity of a digital message or document.

Distributed database that translates domain names, like www.example.com, into unique IP address.

A temporary database, maintained by a computer's operating system, that contains records of all recent visits and attempted visits to websites and other Internet domains.

Database record used to map a URL to an IP address.

Open-source software that automates the deployment of applications inside virtualized software containers.

A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications.

A  cyber-attack where the perpetrator seeks to make a computer or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of Service attacks are typically accomplished by flooding the target with superfluous requests in an attempt to overload systems and prevent legitimate requests from being fulfilled. See also Distributed Denial of Service or DDoS.

Term used in context with Traffic Intelligence (TI). Using dynamic path selection, the session is balanced depending on the amount of traffic.

Routing that adjusts automatically to network topology or traffic changes. Also called adaptive routing.

A fully managed Amazon NoSQL database service that provides fast and predictable performance with seamless scalability.

Provides persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Instances that use Amazon EBS for the root device automatically have an Amazon EBS volume attached.

Forms a central part of AWS by allowing users to rent virtual computers on which to run their own computer applications.

Used by the AWS service CloudFront. Feature that offers content to end users via geographically closer locations to improve their experience.

Internet protocol for exchanging routing information between autonomous systems. 

A web service for deploying and managing applications in the AWS cloud without worrying about the infrastructure that runs those applications.

The ability to dynamically provision and deprovision computing and storage resources to stretch to the demands of peak usage, without the need to worry about capacity planning and engineering around uneven usage patterns.

A static public IP address that belongs to an AWS account. Can be associated with an instance to make it accessible from the Internet. The Elastic IP is natted/mapped by AWS to the private IP.

AWS web service that improves an application's availability by distributing incoming traffic between two or more EC2 instances.

To convert information or data into a cipher or code, especially to prevent unauthorized access. Antonym: unencrypt. 

Provides Barracuda Networks products with protection from the latest Internet threats. These updates are sent out hourly, or more frequently if needed, to ensure that appliances always have the latest and most comprehensive protection. Barracuda Energize Updates subscriptions must be purchased with any Barracuda Networks appliance. Includes basic support, firmware maintenance, security updates, and early release firmware.

The use of a master key and a data key to algorithmically protect data. The master key is used to encrypt and decrypt the data key and the data key is used to encrypt and decrypt the data itself.

Local area network technology that uses special twisted pair or fiber optical cables. As per the OSI model, Ethernet provides services up to and including the data link layer.

Contract between the Barracuda and the purchaser, establishing the purchaser's right to use Barracuda software.

Bypassing an information security device in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.

Technique of working with generated log files to refine security settings, customizing them to the web application.See also adaptive profiling.

The use of software, data, or commands to 'exploit' a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack, Trojan horses, worms, or viruses.

A result that indicates a given condition is present, when it is not.

Model version of a Barracuda Networks product.

A Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic.

AWS service that enables you to capture information about the IP traffic going to and from network interfaces in a VPC.

Techniques of examining digital media with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.

An intermediary for requests from clients under an administrator's control to areas that are not under the administrator's control. Sometimes called "proxy" without the word "forward".

The front end is responsible for collecting input in various forms from the user.

The front-end server is an extension of the back-end server and is designed to provide scalability.

Standard network protocol used to transfer files between a client and server on a computer network.

Allows the proxy to control FTP traffic. When a client uploads or downloads files, the proxy identifies the traffic as FTP, allowing the appliance to control file transfers using TCP optimization and caching.

Extension to FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

A communication system between two entities in which either entity can transmit simultaneously. Compare to half duplex.

A gigabit, or 10^9 bits.

A gigabyte, or 10^9 bytes, or 8000 million bits.

Locating a computer's geographic location based on its IP address.

A unit of frequency equal to 10^9 hertz, which is defined as one cycle per second.

Integration of Google Accounts, for example in authentication processes.

A service that enables developers to create and run web applications on Google's infrastructure and share their applications via a pay-as-you-go, consumption-based plan with no setup costs or recurring fees.

Standard that defines the protocols to provide audio-visual communication sessions on any packet network. H.323 addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point conferences.

Barracuda program that allows existing appliance customers with an active Energize Updates subscription to migrate to the latest hardware platforms at a reduced price -- ensuring customers benefit from the latest hardware improvements and firmware capabilities.

Deployment method that ensures that the services running on the system are always available even if one system is down due to maintenance or a hardware fault.

Protocol for submitting data over a network, commonly used to load website content in a web browser.

HTTP header field that identifies the address of the webpage (i.e., the URI or IRI) that links to the resource being requested. (Originally a misspelling of referrer.) 

Consists of communication over HTTP within a connection encrypted by TLS or SSL. The main motivation is authentication of the visited website and protection of the privacy and integrity of the exchanged data.

Computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a "host machine". Each virtual machine is called a "guest machine".

Cloud infrastructure services in which a virtualized environment is delivered as a service by the cloud provider.

The Identity and Access Management feature of cloud services (like AWS)  that lets you control who can use the provider's services and resources (authentication) and what resources they can use in which ways (authorization).

Infrastructure is the backbone of all of your business operations.

A "copy" of a virtual appliance/image/machine that is being installed, brought up, configured, etc. In the context of an AWS deployment, a virtual product (for example, a Barracuda CloudGen Firewall) that runs on Amazon Web Services (AWS).

Network security feature that monitors local and forwarding firewall traffic for malicious activities.

A numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.

The fourth and sixth versions, respectively, of the Internet Protocol (IP). Following are examples of notation for each type of address:IPv4    192.0.2.235IPv6    2001:0db8:0000:0042:0000:8a2e:0370:7334

Routing node in an OSI network.

Communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.

Measure of the difference in packet delay, that is, the difference in the space between packet arrival times. Jitter can be remedied somewhat with a jitter buffer.

An open, text-based data exchange format (like XML), that is human-readable and platform-independent. Data formatted according to the JSON standard is lightweight and can be parsed by JavaScript implementations.

A kilobit.

A network authentication protocol, designed to provide strong authentication for client/server applications by using secret-key cryptography. Available for free from the Massachusetts Institute of Technology, also available in commercial products.

AWS template that an Auto Scaling group uses to launch EC2 instances. Contains AMI, instance type, key pair, security groups, and block device mapping.

The transport layer from the ISO/OSI model, which provides end-to-end or host-to-host communication services for applications within a layered architecture of network components and protocols.

A legacy feature of the Barracuda NG Firewall. Barracuda Networks recommends using the new Application Control in Barracuda NextGen Firewall instead.

Application protocol used to manage and access the distributed directory information service.

Connection protocol used between application and Network Directory or Domain Controller. LDAPS communication is encrypted and secure.

Latest maintenance release for the previous major firmware version.

Operating mode for Ethernet bundles that uses the LACPDU protocol to negotiate automatic bundling links.

Allows you to aggregate multiple physical network links into a single logical link. You can use link aggregation to achieve multi-gigabit capacity to services and servers.

Macintosh Operating System. Formerly known as Mac OS X.

A server that receives, stores, sends, and processes emails.

An Internet site that attempts to install malware onto your device, usually to steal your personal information or to disrupt the operation of your system.

A megabit.

A unit of measure used to describe the rate of data transmission equal to one millions bits per second.

A unit of frequency equal to 10^6 hertz, which is defined as one cycle per second. 

Microsoft's cloud computing platform. Barracuda Networks was the first Microsoft Azure Certified Security Solution Provider, with a product line that includes the Barracuda Web Application Firewall, CloudGen Firewall, Message Archiver, and Email Security Gateway.

A web application platform in the Microsoft Office server suite, mainly used for document management and storage. 

Two-part identifier for file formats and format contents transmitted over the Internet.

Measure representing the overall quality of a system or stimulus, calculated by taking the arithmetic mean of individual values of quality. Often used for, but not limited to, video, audio and audiovisual quality.

A specification in a data link protocol that defines the maximum number of bytes that can be carried in any one packet on that link.

Switch that filters and forwards packets based on MAC addresses and network addresses. A subset of LAN switch.

Scheme that allows multiple logical signals to be transmitted simultaneously across a single physical channel.

The existence of multiple clients sharing resources (services or applications) on distinct physical hardware. Due to the on-demand nature of cloud, most services are multitenant.

Server connected to a network that resolves network names into network addresses.

The process of modifying IP address information in IP packet headers while in transit across a traffic routing device. The simplest type of NAT provides a one to one translation of IP addresses.

A NAT device, configured by a user, that performs network address translation in a VPC public subnet to secure inbound Internet traffic.

API used by applications on an IBM LAN to request services from lower-level network processes. These services might include session establishment and termination, and information transfer.

Layer 3 of the OSI reference model. This layer provides connectivity and path selection between two end systems. The network layer is the layer at which routing occurs.

Networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

Resource-intensive OSPF area that carries a default route, static routes, intra-area routes, interarea routes, and external routes. The only OSPF areas that can have virtual links configured across them and that can contain an ASBR.

Nonrelational database systems that are highly available, scalable, and optimized for high performance. Instead of the relational model, NoSQL databases (like Amazon DynamoDB) use alternate models for data management, such as key–value pairs or document storage.

Form of encryption where the plaintext is mixed with a large amount of non-cipher material.

Authentication method with an internal IP address as destination. Offline Authentication Works with all protocols (for example, POP3).

Refers to a location other than the subject site. Example: Barracuda Cloud Storage subscription plans provide diverse offsite storage that scales to meet your changing data requirements.

An Amazon EC2 pricing option that charges you for compute capacity by the hour with no long-term commitment.

Remote procedure call system based on calling conventions used in Unix and the C programming language.

A deployment option where only one network interface of a device is used to transfer incoming and outgoing traffic.

An automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or session.

At the place where a business or activity happens. Compare to offsite.

A free and open-source cloud computing software platform used to control pools of processing, storage, and networking resources in a datacenter.

Orthogonal sparse bigram transformation. In machine learning, a transformation that aids in text string analysis and that is an alternative to the n-gram transformation. OSB transformations are generated by sliding the window of size n words over the text, and outputting every pair of words that includes the first word in the window.

Microsoft provides OWA as part of Exchange Server to allow users to connect to their email accounts via a web browser, without requiring the installation of Microsoft Outlook.

A worldwide, not-for-profit charitable organization focused on improving the security of software. Creator of the OWASP Top 10, a powerful awareness document for web application security, representing a broad consensus about the most critical web application security flaws.  https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project 

Cloud platform services, where the computing platform (operating system and associated services) is delivered as a service over the Internet by the provider.

A unit of data routed between an origin and a destination over a network.

Part of the processing of TCP IP traffic that consists of fragmenting, sending, and reassembling packets.

Additional, meaningless data adds to a packet to increase its size.

Standards for security practices when using payment cards (e.g., credit, debit, gift).https://www.pcisecuritystandards.org/security_standards/

A device to which a computer has a network connection that is relatively symmetrical and where both devices can initiate or respond to a similar set of requests.

A data storage solution where the data remains intact until it is deleted.

Component of the Barracuda Network Access Client. Centrally managed host firewall that can handle up to four different rulesets at once, depending on the policy applicable to user, machine, date, and time

Attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. See also spear phishing.

Refers to a group of standards, in the format PKCS #n, where n =1 to 15. For example: Certificates can be downloaded in PKCS #12 format, which includes the private key and certificate.

A system for distributing and using public encryption keys, enabling secure data exchange over the Internet.

Logical grouping of AWS instances within a single Availability Zone.

Also called source-based routing, is used when the source IP address of the connection determines, in part or completely, which route is used.

A tool in the IAM AWS Management Console that helps you test and troubleshoot policies so you can see their effects in real-world scenarios.

A means of Media Access Control where a device may only transmit information when it is given permission to transmit by a controller device.

A network protocol that is used to establish VPN tunnels.

24/7 support, offered by Barracuda Networks

A VPC subnet whose instances cannot be reached from the Internet.

In this mode, a network device can receive and process all of the packets on its network. Can be used in packet sniffing. 

The number of IP addresses being protected by the gateway.

Process of preparing and equipping a network or device to allow it to provide services to its users.

Cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet. Examples include Amazon AWS, Google Cloud Platform, and  Microsoft Azure.

Cloud-hosted virtual machines, such as Microsoft Azure and Amazon Web Services.

Public Domain Name System (DNS) resolution service.

External IP address, assigned to a computing device to allow direct access over the Internet. For example, a web server, email server or any server device directly accessible from the Internet.

Encryption that uses both a public key and a private key as a pair; one is used for encryption, the other is used for decryption.

A subnet whose instances can be reached from the Internet.

Networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

Provides a way of storing the same data in different places (redundantly) on multiple hard disks.

AWS term, managed Relational Database Service

The time in which an action is performed.

A combination of characters or character classes and operators that describe text for matching purposes.

A pricing option for EC2 instances that discounts the on-demand usage charge for instances that meet the specified parameters. Customers pay for the entire term of the instance, regardless of how they use it.

IP addresses reserved for special purposes. For example, IP addresses reserved and assigned to Azure cloud services.

Group of entities in Azure, that may contain storage accounts for OS disks, source images, application data, and networking resources.

A type of HTTP-based request interface that generally uses only the GET or POST HTTP method and a query string with parameters. Enables interoperability between a computer system and the Internet.

A software architecture style for building scalable web services. REST gives a coordinated set of constraints to the design of components in a distributed hypermedia system that can lead to a higher performing and more maintainable architecture.An API (Application Programming Interface) is the means by which third parties can write code that interfaces with other code.

Support the secondary function of Domain Name System (DNS) - the resolution of IP addresses to host names.

The HTTP Proxy directs incoming requests from other servers to clients without providing the origin details.

Numbered authorization provided by a merchant, like Barracuda Networks, to permit the return of a product.

Gives administrators the ability to assign specific privileges to users and to present the user with only the tools and permissions necessary to perform specific tasks, based on their role within the organization.

A return to a previous state after an installation or configuration failure.

A CA-signed or self-signed public key certificate that identifies the root certificate authority (CA).

Method of traffic balancing among links/interfaces in circular order.

AWS service for DNS-based load balancing that connects user requests to EC2 instances, ELBs, S3 buckets, and Internet applications and provides health checks for monitoring or to route traffic to healthy endpoints.

In AWS, a set of routing rules that controls the traffic leaving any subnet that is associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time.

Bridging mode where the router acts as a bridge.

Congestion control algorithm designed for fast download times such as user response times, or flow-completion times. 

One of the four storage classes in AWS. 99.9& SLA reduced redundancy storage, lower fault tolerance, stored in 1 region.

A hardware token for performing two-factor authentication for a user to a network resource.

A collection of one or more access or application rules.

Object-based, scalable object storage in the AWS cloud.

Feature of Google Search that acts as an automated filter of pornography and potentially offensive content.

An online SaaS company that is best known for delivering customer relationship management (CRM) software to companies over the Internet.

A version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority (an identity provider) and a SAML consumer (a service provider). SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.

The suitability of a network system to operate properly and efficiently when configured on a large scale.

In AWS, a description of how Auto Scaling should automatically scale an Auto Scaling group in response to changing demand.

Network layer protocol that provides extended routing, flow control, segmentation, connection orientation, and error correction facilities in Signaling System 7 telecommunications networks.

A wide area network controlled by software. Control and data are decoupled, simplifying both network hardware and management.

Definition of what it means to be "secure" for an organization or for a system. Barracuda Networks products use your security policies to help protect your organization and system.

A port on a computing device that is capable of either transmitting or receiving one bit at a time. 

Certificate for a server, signed by a valid, trusted entity, that allows access without further validation.

Certificate for a service, signed by a valid, trusted entity, that allows access without further validation. 

The layer in the OSI 7-Layer Model that is concerned with managing the resources required for the session between two computers.

Algorithm that reads its input exactly once, in order, without unbounded buffering. Generally requires O(n) time and less than O(n) storage (typically O), where n is the size of the input.

A session and user authentication service that permits a user to use one set of login credentials to access multiple applications. 

Communications protocol for signaling and controlling multimedia communication session such as voice and video calls.

Securely connects entire networks to each other, for example, connecting a branch office network to a company headquarters network.

A contractual agreement by which a service provider defines the level of service, responsibilities, priorities, and guarantees regarding availability, performance, and other aspects of the service.

Occurs when an attacker deliberately sends multiple partial HTTP requests to the server to carry out an HTTP DoS attack on the server. The client attempts to slow the request or response so much that it holds connections and memory resources open on the server for a long time, but without triggering session time-outs.

Operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

Multi-Factor Authentication (MFA) solution that adds an extra security layer for a broad range of authentication clients.

IBM's communications architecture and strategy.

Capture of the state of a system at a particular point in time.

The SNMP service is used to remotely monitor the network and system state of a Barracuda NextGen Firewall using a network management system (NMS).

Feature to push notifications to mobile services and trigger actions, in Amazon Web Services (AWS).

Network package format for time synchronization, similar to NTP, only recommended for simple applications.

Protocol specification for exchanging structured information in the implementation of web services in computer networks.

A nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents for social security purposes.

Changing the source address/port in the IP header of a packet. Example: changing a private IP address/port into a public address/port in the IP header of a packet leaving the network.

Unwanted email messages, usually for advertising purposes and usually sent in bulk.

An email address that is set up by an anti-spam entity, not for correspondence, but to monitor unsolicited email. 

A form of phishing that is more targeted. The sender of the fraudulent phishing email knows something about the intended victim, making it more likely that they will divulge personal information, like birth dates and passwords.

Purchasing option that allows a customer to purchase unused Amazon EC2 computer capacity at a highly-reduced rate.

A standard metalanguage for data base access and management.

Microsoft SQL Server is a relational database management system (RDBMS) designed for enterprise environments.

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service.

A solid-state storage device that uses integrated circuit assemblies as memory to store data persistently.

A digital certificate that is installed on a web server, authenticates the identity of the website, and encrypts the data that is transmitted.

The standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.Transport Layer Security (TLS) is the successor to SSL, and is sometimes referred to as "SSL".

Relieves a web server of the processing burden of encrypting and/or decrypting traffic sent via SSL. The processing is offloaded to a separate device designed specifically to perform SSL acceleration or SSL termination.

A man-in-the-middle attack which changes HTTPS sessions to unencrypted HTTP sessions or makes unencrypted HTTP sessions look like safe HTTPS sessions, even including a padlock icon.

VPN client that can be installed on the Barracuda CloudGen Firewall and then accessed through the Barracuda SSL VPN web portal. (Barracuda SSL VPN is a different product.)

Route that is explicitly configured and entered into the routing table. Static Routes take precedence over routes chosen by dynamic routing protocols.

Hosting of a static website in Amazon S3. When a bucket is enabled for Static website hosting, all content is accessible to web browsers via the Amazon S3 website endpoint of the bucket.

Data compression technique used in wireless networks.

Helps you know which portion of the IP address identifies the network and which portion identifies the node. You can use subnet masks to divide networks in to subnetworks and to identify the subnetwork an IP address belongs to.

Partitioning of an IP address space into several smaller address spaces.

Method for handling of log file messages that are to be transferred to another system for analyzing purposes.

An intrusion into a network cable by a connector.

The TCP Proxy is placed between browser and web server and filters requests and responses in TCP streams.

A Transport and Network Layer Protocol, respectively, used for communication in the Internet and often in private networks.

A protocol to access a remote computer system, often a Unix system, over the network. Origin: Teletype Network.

Communications processor that connects asynchronous devices such as terminals, printers, hosts, and modems to any LAN or WAN that uses TCP/IP, X.25, or LAT protocols.

A simplified version of FTP (file tranfer protocol).

A date/time string to mark an occurrence of an event. 

The HTTP Proxy operates transparently to the clients in the network.

Cryptographic protocol that provides communications security over a computer network.

The Two-Arm Proxy mode uses both physical ports (WAN and LAN) of the device.

To decrypt encrypted data. The antonym of encrypt.

Product or system.

Software that acts on behalf of the user. For example, an agent might give information about a user's browser and operating system to a web site.

Security term for traffic monitoring based on username, host, and IP address.

A cloud computing environment optimized for use and built around the compliance needs of specialized industries such as healthcare, financial services, and government operations.

Allows multiple guest virtual machines (VM) to run on a host operating system. Guest VMs can run on one or more levels above the host hardware, depending on the type of virtualization.

Any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). The physical interface behaves like several interfaces, and the switch behaves like multiple switches.

Method to help identify packets travelling through trunk links. When an Ethernet frame traverses a trunk link, a special VLAN tag is added to the frame and sent across the trunk link. As it arrives at the end of the trunk link, the tag is removed and the frame is sent to the correct access link port according to the switch’s table, so the receiving end is unaware of any VLAN information.

An emulation of a computer system that is based on computer architectures and provides functionality of a physical computer. For example, the Barracuda NextGen Firewall Azure can be deployed as a virtual machine in the Microsoft Azure cloud.

A representation of your own network in the Azure cloud.

An elastic network populated by infrastructure, platform, and application services that share common security and interconnection.

An enhanced suite of tools for cloud computing utilizing VMware ESX/ESXi. Includesthe VMWare vCenter server and the vSphere client.

Specifies virtual model of a Barracuda Networks products. For example, Barracuda Web Application Firewall 460 Vx.

A network connecting devices separated by large geographical distances, often joining multiple local access networks (LANs). 

IP address used to connect your WAN to the Internet. It is shared by all devices in the WAN. 

Client–server software application in which the client (or user interface) runs in a web browser.

A core design feature of the HTTP protocol meant to minimize network traffic by storing reusable responses to make subsequent requests faster. 

Web-based user interface.

A computer system that processes requests via HTTP, the basic network protocol used to distribute information on the web.

A technology for wireless local area networking with devices based on the IEEE 802.11 standards. 

Citrix hypervisor that allows to run multiple virtual machines (VMs) on one physical device.

A human-readable data serialization language, commonly used for configuration files.