It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Glossary

3DES
  • Also known as: Triple DES

Symmetric-key block cipher used in data encryption that applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.

802.11n

Wireless networking standard that uses multiple antennas to increase data rates. 

802.1q VLAN

IEEE 802.1Q is a standard for virtual LANs (VLANs) on an Ethernet network that defines VLAN tagging for Ethernet frames and frame handling for bridges and switches, and contains provisions for a quality of service prioritization scheme (IEEE 802.1p). It also defines the Generic Attribute Registration Protocol.

accelerator

A hardware addition to an existing computing device that increases the computer's processing speed and capabilities.

access rule

Forwarding rule that determines how clients on a source network access resources on a destination network.

Active Directory
  • Also known as: MSAD, AD

A directory service that Microsoft developed for Windows domain networks and that is included in most Windows Server operating systems as a set of processes and services.

add-in

Software utility that can be used in conjunction with a device or service; for example, Barracuda Outlook Add-In.

add-on

A piece of software that enhances another software application and usually cannot be run independently.

Advanced Persistent Threat
  • Also known as: APT

Malicious cyber attacks directed at a specific target, usually over a long period of time. APTs are often run by professional organizations, looking to steal information rather than just money.

Advanced Threat Protection
  • Also known as: ATD, ATP, Advanced Threat Detection, BATP, Barracuda Advanced Threat Protection

Service that analyzes inbound email attachments with most MIME types in a separate, secured cloud environment, detecting new threats and determining whether to block such messages. Formerly known as Advanced Threat Detection, or ATD.

allow list
  • Also known as: whitelist, white list

List of domains, users, or hosts that are allowed access, especially referring to mail and web traffic.

Amazon Web Services
  • Also known as: AWS

Amazon's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.

AMI
  • Also known as: Amazon Machine Image

AWS template that contains configuration, application server, and applications required to launch an EC2 AWS Instance.

Android

Mobile device operating system. Compare to Apple iOS.

anti-evasion

Protection against network attacks that combine several different known evasion methods to create a new technique that is delivered over several layers of the network simultaneously. 

anti-malware
  • Also known as: malware protection

Protection against malicious software, used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

anti-obfuscation

Protection against attacks that involve obfuscated code. Obfuscation may involve encrypting code, stripping out potentially revealing metadata, renaming useful class and variable names, or adding meaningless code to an application binary. 

antivirus

Antivirus software, abbreviated: AV. Used to prevent, detect and remove malicious software.

API
  • Also known as: Application Programming Interface

 A set of tools and procedures provided by the programmer of an application so that other programmers can control, exchange data with, or extend the functionality of an application.

APN
  • Also known as: Access Point Name

Access Point Name provided by an ISP for wireless WAN connections.

Apple iOS

Apple mobile operating system for devices such as iPhone and iPad. Compare to Android.

appliance

Device or piece of equipment.

Application Control

Enables you to control application traffic, including sub-applications, such as chat function and picture uploading.

Application Load Balancer

AWS feature that makes routing decisions at the application layer (HTTP/S), supports path-based routing, and can route requests to one or more ports on each EC2 instance or container instance in a VPC.

ARP
  • Also known as: Address Resolution Protocol

Protocol for mapping IP addresses to physical addresses such as Ethernet or Token Ring.

ARP spoofing
  • Also known as: ARP trashing, spoofing

Type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.

ASCII

Referring to a standard 7-bit character system that includes the alphanumeric characters and printer control codes.

authoritative DNS

Name server that gives answers in response to queries about names in a DNS zone.

authority zone

Associated with DNS. A section of the domain-name tree for which one name server is the authority.

Auto Scaling Group

A representation of multiple EC2 instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.

autonomous system
  • Also known as: AS

Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the IANA. 

AWS Direct Connect
  • Also known as: Amazon Web Services

Enables you to use the Internet privately through AWS cloud services by linking your internal network to an AWS Direct Connect location. You can create virtual interfaces directly to the AWS cloud and to Amazon VPC, bypassing Internet service providers in your network path.

AWS IoT
  • Also known as: Amazon Web Services Internet of Things

A managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.

AWS region

A named set of AWS resources in the same geographical area. A region comprises at least two Availability Zones.

AWS Management Console

A simple and intuitive web-based user interface to access and manage AWS.

back-end server

Part of the back-end process, that usually consists of server, application, and database. The back end is where the technical processes happen, as opposed to the front end, which is usually where the user's interaction occurs.

backbone

Referring to the Internet, a central network that provides a pathway for other networks to communicate.

Balance-XOR

Operating mode for Ethernet bundles where the link is chosen by calculating the hash out of the source/destination MAC (Layer 2) combined with the IP addresses (Level 3).

bandwidth

Rate of data transfer, usually expressed in multiples of bits per second (bps).

Barracuda Campus

Online documentation and training material for all Barracuda Networks products, located at campus.barracuda.com. Contains feature descriptions, how-to articles, and release notes. Formerly known as Barracuda University and Barracuda TechLibrary.

Barracuda Central

Provides a wide range of statistics, threat information, and a number of useful services to help manage and secure your network. Shares information with Barracuda Networks customers and the Internet security community. 

Barracuda cloud

A complementary component of all Barracuda Networks products, providing an added layer of protection and scalability.

Barracuda Cloud Control
  • Also known as: BCC

A comprehensive cloud-based service that enables administrators to monitor and configure multiple Barracuda Networks products from a single console.

Barracuda Networks account

Credentialed account used to log into Barracuda Services and Barracuda Appliance Control.

Barracuda Networks Technical Support

Contact Barracuda Networks Technical Support if you need help with your Barracuda Networks product. Visit https://www.barracuda.com/support/index for details.

Barracuda NextGen Firewall X-Series

Application-aware network firewall appliance, designed for organizations without dedicated IT personnel to manage firewalls.

Barracuda NG Web Security Gateway (IBM ISS)

Web Security Gateway engine used by the URL Filter service on the Barracuda NextGen Firewall F-Series. The Barracuda NG Web Security Filter can only be used in combination with the HTTP proxy and is not compatible with Application Control. Requires a Barracuda NG Web Security Gateway subscription.

Barracuda portal

Entry point into Barracuda cloud services.

Barracuda Reporting Server
  • Also known as: BRS

Barracuda Networks' hardware appliance that rapidly generates reports while maintaining or improving accuracy of reporting data. It also provides an aggregate view of data for customers with multiple connected devices. Currently works with connected Barracuda Web Security Gateways.

Barracuda Web Security Agent
  • Also known as: WSA

A tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces.

Barracuda Web Security Gateway
  • Also known as: WSG

Integrated content filtering, application blocking, and malware protection solution that enforces Internet usage policies on and off network by blocking access to websites and Internet applications and eliminates spyware and other forms of malware.

BIND
  • Also known as: Berkeley Internet Name Domain

The standard TCP/IP naming service that links network names with IP addresses.

block device

Storage device that moves data in sequences of bytes or bits (blocks). Example: hard disk, CD-ROM drive, flash drive.

block device mapping

Defines the block devices (instance store volumes and EBS volumes) to attach to an AWS instance. 

Blowfish

Licence-free symmetric encryption algorithm that can be used as a replacement for the DES and IDEA algorithms.

BYOD
  • Also known as: Bring Your Own Device

The practice of allowing employees or members of an organization to use their own computers, phones, or other devices for work.

byte-level data deduplication

Data deduplication method that analyzes data streams at the byte level by performing a byte-by-byte comparison of new data streams versus previously stored ones.

CAST

Licence-free symmetric encryption algorithm (key block cipher).

certificate

A document or seal certifying the authenticity of something. A digital certificate certifies the ownership of a public key. This allows relying parties to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.

changelog

Log of configuration changes on the appliance. Can be found in the release notes of the product.

checksum

The result of a mathematical operation that uses the binary representation of a group of data as its basis, usually to check the integrity of the data.

CIDR
  • Also known as: classless interdomain routing

Technique supported by BGP4 and based on route aggregation. CIDR allows routers to group routes together in order to cut down on the quantity of routing information carried by the core routers. 

CIPA
  • Also known as: Children's Internet Protection Act

Enacted by US Congress in 2000 to address concerns about children's access to obscene or harmful content over the Internet.

Class A|B|C|D network

Classes of IP addresses as defined in the Internet Protocol hierarchy.

classic load balancer

In AWS, a Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS), and supports either EC2-Classic or a VPC (virtual private cloud).

cloud integration

AWS cloud integration allows the firewall to connect directly to the AWS service fabric to rewrite routes in AWS route tables and to retrieve information for the cloud element on the dashboard. Cloud integration also works with Azure.

cloud operating system

A computer operating system that is specially designed to run in a provider's datacenter and be delivered to the user over the Internet or another network. Windows Azure is an example of a cloud operating system or 'cloud layer' that runs on Windows Server 2008.

cloud portability

The ability to move applications and data from one cloud provider to another. This is the opposite of "vendor lock-in".

cloud-based encryption

A service offered by cloud storage providers whereby data is transformed using encryption algorithms and is then placed on a storage cloud.

CloudFormation

AWS management tool that lets you create, manage, and update a collection of AWS resources using templates and allowing Json code for template deployment.

CloudFront

An AWS content delivery service that helps you improve the performance, reliability, and availability of your websites and applications.

cloudsourcing

Replacing traditional IT operations with lower-cost, outsourced cloud services.

CloudWatch

AWS management tool to monitor resources and applications. Aggregates data and metrics (cpu load, network throughput, disk io, etc), filters it, and provides alarm actions.

cluster-specific

Global settings that apply to a cluster on a Barracuda NextGen Control Center.

collision domain

In Ethernet, the network area within which frames that have collided are propagated. Repeaters and hubs propagate collisions. LAN switches, bridges and routers do not.

concentrator

A synonym for a multi-port repeater that may also perform bridging and routing functions.

congestion

Traffic in excess of network capacity.

connection draining
  • Also known as: Amazon Web Services

AWS feature, lets you scale down EC2 instances to reduce sessions.

content delivery network
  • Also known as: CDN

A distributed system consisting of servers in discrete physical locations, configured in a way that clients can access the server closest to them on the network, thereby improving speeds.

CPU emulation

Masks the virtualization environment, so payload can be detonated more effectively.

cross region replication

Feature of S3 storage class in AWS. Once enabled, every object uploaded to a particular S3 bucket is automatically replicated to a designated destination bucket located in a different AWS region.

cyberbullying

Bullying that takes place using electronic technology and communication tools including social media sites, text messages, chat, and websites. The Barracuda Web Security Gateway provides an alert for cyberbullying.

dashboard

Main page of many Barracuda Networks product interfaces, providing a summary of the system. Formerly known as the Status tab.

data center

A facility used to house computer systems and associated components, such as telecommunications and storage systems.

data truncation
  • Also known as: truncate

Occurs when data or a data stream is stored in a location too short to hold its entire length. May occur automatically, such as when a long string is written to a smaller buffer, or deliberately, when only a portion of the data is wanted.

datasheet

Document that summarizes the performance and other technical characteristics of a product, machine, component (e.g., an electronic component), material, a subsystem (e.g., a power supply) or software in sufficient detail to be used by a design engineer to integrate the component into a system.

DC Agent

When configured with Microsoft Active Directory (MSAD) authentication, the Barracuda DC Agent (Domain Controller Agent) allows transparent authentication monitoring with the Barracuda Networks products and Microsoft domain controllers.

DCE-RPC
  • Also known as: Distributed Computing Environment Remote Procedure Call

Remote procedure call system that allows programmers to write distributed software without having to worry about the underlying network code.

dedicated host

An Internet hosting option where an organization leases an entire server, fully dedicated to their use. This is also an option in the public cloud. The price for a Dedicated Host varies by instance family, region, and payment option.

dedicated instance

Amazon EC2 instance that runs on single-tenant hardware dedicated to a single customer.

dedicated reserved instance

An option you can purchase from a cloud vendor to guarantee that sufficient capacity will be available to launch Dedicated Instances into a virtual private cloud (VPC).

demilitarized zone
  • Also known as: DMZ

A physical or logical sub-network that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN). An external network node has direct access only to equipment in the DMZ, rather than to any other part of the network.

DNS
  • Also known as: Domain Name System

Distributed database that translates domain names, like www.example.com, into unique IP address.

DNS Cache
  • Also known as: DNS resolver cache

A temporary database, maintained by a computer's operating system, that contains records of all recent visits and attempted visits to websites and other Internet domains.

DNS record

Database record used to map a URL to an IP address.

Docker

Open-source software that automates the deployment of applications inside virtualized software containers.

Docker image

A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications.

dynamic path selection

Term used in context with Traffic Intelligence (TI). Using dynamic path selection, the session is balanced depending on the amount of traffic.

dynamic routing

Routing that adjusts automatically to network topology or traffic changes. Also called adaptive routing.

DynamoDB

A fully managed Amazon NoSQL database service that provides fast and predictable performance with seamless scalability.

edge location

Used by the AWS service CloudFront. Feature that offers content to end users via geographically closer locations to improve their experience.

eDiscovery
  • Also known as: electronic discovery, e-discovery

The legal procedure of discovery - finding data with the intent to use it as evidence in a legal case - as it pertains to information and evidence in electronic form.

EGP
  • Also known as: Exterior Gateway Protocol

Internet protocol for exchanging routing information between autonomous systems. 

Elastic Beanstalk

A web service for deploying and managing applications in the AWS cloud without worrying about the infrastructure that runs those applications.

Elastic IP address

A static public IP address that belongs to an AWS account. Can be associated with an instance to make it accessible from the Internet. The Elastic IP is natted/mapped by AWS to the private IP.

encapsulation

Placing one protocol inside of another. 

encrypt

To convert information or data into a cipher or code, especially to prevent unauthorized access. Antonym: unencrypt. 

Energize Updates

Provides Barracuda Networks products with protection from the latest Internet threats. These updates are sent out hourly, or more frequently if needed, to ensure that appliances always have the latest and most comprehensive protection. Barracuda Energize Updates subscriptions must be purchased with any Barracuda Networks appliance. Includes basic support, firmware maintenance, security updates, and early release firmware.

envelope encryption

The use of a master key and a data key to algorithmically protect data. The master key is used to encrypt and decrypt the data key and the data key is used to encrypt and decrypt the data itself.

Ethernet

Local area network technology that uses special twisted pair or fiber optical cables. As per the OSI model, Ethernet provides services up to and including the data link layer.

EULA

Contract between the Barracuda and the purchaser, establishing the purchaser's right to use Barracuda software.

evasion

Bypassing an information security device in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.

exploit

The use of software, data, or commands to 'exploit' a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack, Trojan horses, worms, or viruses.

firmware

Model version of a Barracuda Networks product.

flooding

A Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic.

Flow Logs

AWS service that enables you to capture information about the IP traffic going to and from network interfaces in a VPC.

forensics

Techniques of examining digital media with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.

forward lookup zone

Forward lookup zones support the primary function of Domain Name System (DNS), that is, the resolution of host names to IP addresses.

forward proxy

An intermediary for requests from clients under an administrator's control to areas that are not under the administrator's control. Sometimes called "proxy" without the word "forward".

FQDN
  • Also known as: Fully Qualified Domain Name

The Fully Qualified Domain Name includes host name, as well as all enclosing domains, and is often distinguished by the use of a terminating dot: (host.subdomain.domain.).

FTP
  • Also known as: File Transfer Protocol

Standard network protocol used to transfer files between a client and server on a computer network.

FTP proxy

Allows the proxy to control FTP traffic. When a client uploads or downloads files, the proxy identifies the traffic as FTP, allowing the appliance to control file transfers using TCP optimization and caching.

G Suite Password Sync (GAPS)
  • Also known as: GAPS

Enables you to synchronize users' G Suite passwords with their Microsoft Active Directory passwords.

gateway route

Next-hop route to a network that cannot be directly accessed. Example: default route (0.0.0.0/0), that forwards packets not belonging to a the directly attached network to the remote gateway provided by the ISP. 

Gb

A gigabit, or 10^9 bits.

GB 

A gigabyte, or 10^9 bytes, or 8000 million bits.

GHz
  • Also known as: gigahertz

A unit of frequency equal to 10^9 hertz, which is defined as one cycle per second.

Google Accounts Enforcement

Integration of Google Accounts, for example in authentication processes.

Google Active Directory Sync
  • Also known as: GADS

Enables you to synchronize the data in your Google domain with your Microsoft Active Directory or LDAP server.

Google App Engine

A service that enables developers to create and run web applications on Google's infrastructure and share their applications via a pay-as-you-go, consumption-based plan with no setup costs or recurring fees.

Group Policy Object
  • Also known as: GPO

A collection of settings that define what a system will look like and how it will behave for a defined group of users.

guest access

Feature that lets you set up a confirmation page or ticketing system to temporarily grant guests access to the network.

H.323

Standard that defines the protocols to provide audio-visual communication sessions on any packet network. H.323 addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point conferences.

hardware refresh

Barracuda program that allows existing appliance customers with an active Energize Updates subscription to migrate to the latest hardware platforms at a reduced price -- ensuring customers benefit from the latest hardware improvements and firmware capabilities.

HIPAA

The Health Insurance Portability and Accountability Act of 1996, gives patients in the US rights over their health information and sets rules and limits on who can look at and receive health information. The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral. The Security Rule is a Federal law that requires security for health information in electronic form. For details, visit http://www.hhs.gov/ocr/privacy/hipaa/understanding/

hostname

Label assigned to a device connected to a computer network. Used to identify the device in various forms of electronic communication.

HTTP
  • Also known as: Hypertext Transfer Protocol

Protocol for submitting data over a network, commonly used to load website content in a web browser.

HTTP referer

HTTP header field that identifies the address of the webpage (i.e., the URI or IRI) that links to the resource being requested. (Originally a misspelling of referrer.) 

HTTPS
  • Also known as: Hypertext Transfer Protocol Secure

Consists of communication over HTTP within a connection encrypted by TLS or SSL. The main motivation is authentication of the visited website and protection of the privacy and integrity of the exchanged data.

hypervisor

Computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a "host machine". Each virtual machine is called a "guest machine".

IANA
  • Also known as: Internet Assigned Numbers Authority

The Internet Assigned Numbers Authority organization delegates authority for IP address-space allocation and domain-name assignment to the NIC and other organizations and maintains a database of assigned protocol identifiers used in the TCP/IP stack, including autonomous system numbers.

Infrastructure Services

Infrastructure is the backbone of all of your business operations.

inline authentication

Authentication method that intercepts unauthorized users HTTP or HTTPS connections and redirects them to a login page, for example, on the Barracuda NextGen Firewall. After successful authentication the user is forwarded to the original destination.

instance

A "copy" of a virtual appliance/image/machine that is being installed, brought up, configured, etc. In the context of an AWS deployment, a virtual product (for example, a Barracuda CloudGen Firewall) that runs on Amazon Web Services (AWS).

instant replacement

With an Instant Replacement subscription, if your Barracuda Networks product fails, we will ship you a replacement unit within one business day so you can get back up and running soon. Instant Replacement subscriptions also work toward getting updated hardware through the Hardware Refresh program.

Intrusion Detection System

Network security feature that monitors local and forwarding firewall traffic for malicious activities.

IS
  • Also known as: intermediate system

Routing node in an OSI network.

ISDN
  • Also known as: Integrated Services Digital Network

Communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.

iWSA

Barracuda Web Security Agent

jitter

Measure of the difference in packet delay, that is, the difference in the space between packet arrival times. Jitter can be remedied somewhat with a jitter buffer.

kb

A kilobit.

Kerberos

A network authentication protocol, designed to provide strong authentication for client/server applications by using secret-key cryptography. Available for free from the Massachusetts Institute of Technology, also available in commercial products.

latency

Delay in transmission time that occurs while information remains in a device's buffered memory (such as a bridge or router) before it can be sent along its path.

Launch Configuration

AWS template that an Auto Scaling group uses to launch EC2 instances. Contains AMI, instance type, key pair, security groups, and block device mapping.

Layer 7 Application Control

A legacy feature of the Barracuda NG Firewall. Barracuda Networks recommends using the new Application Control in Barracuda NextGen Firewall instead.

LDAP
  • Also known as: Lightweight Directory Access Protocol

Application protocol used to manage and access the distributed directory information service.

LDAPS
  • Also known as: LDAP over SSL, Secure LDAP

Connection protocol used between application and Network Directory or Domain Controller. LDAPS communication is encrypted and secure.

legacy

Latest maintenance release for the previous major firmware version.

macOS

Macintosh Operating System. Formerly known as Mac OS X.

malicious site

An Internet site that attempts to install malware onto your device, usually to steal your personal information or to disrupt the operation of your system.

Mb

A megabit.

MBPS

A unit of measure used to describe the rate of data transmission equal to one millions bits per second.

MHz
  • Also known as: megahertz

A unit of frequency equal to 10^6 hertz, which is defined as one cycle per second. 

MIB
  • Also known as: Management Information Base

A database used for managing the entities in a communication network. Often associated with SNMP.

MIME type

Two-part identifier for file formats and format contents transmitted over the Internet.

MOS
  • Also known as: Mean Opinion Score

Measure representing the overall quality of a system or stimulus, calculated by taking the arithmetic mean of individual values of quality. Often used for, but not limited to, video, audio and audiovisual quality.

multilayer switch

Switch that filters and forwards packets based on MAC addresses and network addresses. A subset of LAN switch.

multiplexing

Scheme that allows multiple logical signals to be transmitted simultaneously across a single physical channel.

multitenancy
  • Also known as: multitenant

The existence of multiple clients sharing resources (services or applications) on distinct physical hardware. Due to the on-demand nature of cloud, most services are multitenant.

name server

Server connected to a network that resolves network names into network addresses.

NAT
  • Also known as: network address translation

The process of modifying IP address information in IP packet headers while in transit across a traffic routing device. The simplest type of NAT provides a one to one translation of IP addresses.

NAT instance

A NAT device, configured by a user, that performs network address translation in a VPC public subnet to secure inbound Internet traffic.

NetBIOS
  • Also known as: Network Basic Input/Output System

API used by applications on an IBM LAN to request services from lower-level network processes. These services might include session establishment and termination, and information transfer.

Network Time Protocol
  • Also known as: NTP

Networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

non-stub area

Resource-intensive OSPF area that carries a default route, static routes, intra-area routes, interarea routes, and external routes. The only OSPF areas that can have virtual links configured across them and that can contain an ASBR.

NoSQL

Nonrelational database systems that are highly available, scalable, and optimized for high performance. Instead of the relational model, NoSQL databases (like Amazon DynamoDB) use alternate models for data management, such as key–value pairs or document storage.

NTLM
  • Also known as: NT LAN Manager

A suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

null ciphers

Form of encryption where the plaintext is mixed with a large amount of non-cipher material.

offline authentication

Authentication method with an internal IP address as destination. Offline Authentication Works with all protocols (for example, POP3).

offsite

Refers to a location other than the subject site. Example: Barracuda Cloud Storage subscription plans provide diverse offsite storage that scales to meet your changing data requirements.

On-Demand Instance

An Amazon EC2 pricing option that charges you for compute capacity by the hour with no long-term commitment.

ONC-RPC
  • Also known as: Open Network Computing Remote Procedure Call

Remote procedure call system based on calling conventions used in Unix and the C programming language.

onsite

At the place where a business or activity happens. Compare to offsite.

OpenStack

A free and open-source cloud computing software platform used to control pools of processing, storage, and networking resources in a datacenter.

OSB transformation

Orthogonal sparse bigram transformation. In machine learning, a transformation that aids in text string analysis and that is an alternative to the n-gram transformation. OSB transformations are generated by sliding the window of size n words over the text, and outputting every pair of words that includes the first word in the window.

OWA
  • Also known as: Outlook Web Access, Outlook Web App

Microsoft provides OWA as part of Exchange Server to allow users to connect to their email accounts via a web browser, without requiring the installation of Microsoft Outlook.

PaaS
  • Also known as: platform as a service

Cloud platform services, where the computing platform (operating system and associated services) is delivered as a service over the Internet by the provider.

packet
  • Also known as: pkt

A unit of data routed between an origin and a destination over a network.

packet fragmentation

Part of the processing of TCP IP traffic that consists of fragmenting, sending, and reassembling packets.

padding

Additional, meaningless data adds to a packet to increase its size.

PAYG

peer

A device to which a computer has a network connection that is relatively symmetrical and where both devices can initiate or respond to a similar set of requests.

persistent storage

A data storage solution where the data remains intact until it is deleted.

Personal Firewall

Component of the Barracuda Network Access Client. Centrally managed host firewall that can handle up to four different rulesets at once, depending on the policy applicable to user, machine, date, and time

phishing
  • Also known as: phishing attack

Attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. See also spear phishing.

PKCS #n
  • Also known as: Public Key Cryptography Standards

Refers to a group of standards, in the format PKCS #n, where n =1 to 15. For example: Certificates can be downloaded in PKCS #12 format, which includes the private key and certificate.

PKI
  • Also known as: Public Key Infrastructure

A system for distributing and using public encryption keys, enabling secure data exchange over the Internet.

Placement Group

Logical grouping of AWS instances within a single Availability Zone.

policy routing

Also called source-based routing, is used when the source IP address of the connection determines, in part or completely, which route is used.

policy simulator

A tool in the IAM AWS Management Console that helps you test and troubleshoot policies so you can see their effects in real-world scenarios.

polling

A means of Media Access Control where a device may only transmit information when it is given permission to transmit by a controller device.

PPTP
  • Also known as: Point-to-Point Tunneling Protocol

A network protocol that is used to establish VPN tunnels.

Premium Support

24/7 support, offered by Barracuda Networks

private subnet

A VPC subnet whose instances cannot be reached from the Internet.

public subnet

A subnet whose instances can be reached from the Internet.

RADIUS
  • Also known as: Remote Authentication Dial-In User Service, WiFi Access Point Authentication

Networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

RAID
  • Also known as: redundant array of independent disks

Provides a way of storing the same data in different places (redundantly) on multiple hard disks.

ransomware

Malicious software designed to block access to computer files or an entire system until a sum of money is paid.

RDS

AWS term, managed Relational Database Service

real time
  • Also known as: realtime, real-time

The time in which an action is performed.

regular expression

A combination of characters or character classes and operators that describe text for matching purposes.

Reserved Instance

A pricing option for EC2 instances that discounts the on-demand usage charge for instances that meet the specified parameters. Customers pay for the entire term of the instance, regardless of how they use it.

Reserved IP addresses
  • Also known as: RIP

IP addresses reserved for special purposes. For example, IP addresses reserved and assigned to Azure cloud services.

reverse lookup zone

Support the secondary function of Domain Name System (DNS) - the resolution of IP addresses to host names.

reverse proxy

The HTTP Proxy directs incoming requests from other servers to clients without providing the origin details.

RMA
  • Also known as: Routing Information Protocol

Numbered authorization provided by a merchant, like Barracuda Networks, to permit the return of a product.

role-based administration
  • Also known as: role based administration

Gives administrators the ability to assign specific privileges to users and to present the user with only the tools and permissions necessary to perform specific tasks, based on their role within the organization.

rollback

A return to a previous state after an installation or configuration failure.

root certificate

A CA-signed or self-signed public key certificate that identifies the root certificate authority (CA).

Route 53

AWS service for DNS-based load balancing that connects user requests to EC2 instances, ELBs, S3 buckets, and Internet applications and provides health checks for monitoring or to route traffic to healthy endpoints.

route table

In AWS, a set of routing rules that controls the traffic leaving any subnet that is associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time.

routed bridging

Bridging mode where the router acts as a bridge.

RPC protocols
  • Also known as: Rate Control Protocol, ONC-RPC, DCE-RPC

Congestion control algorithm designed for fast download times such as user response times, or flow-completion times. 

RRS

One of the four storage classes in AWS. 99.9& SLA reduced redundancy storage, lower fault tolerance, stored in 1 region.

ruleset

A collection of one or more access or application rules.

SafeSearch

Feature of Google Search that acts as an automated filter of pornography and potentially offensive content.

Salesforce

An online SaaS company that is best known for delivering customer relationship management (CRM) software to companies over the Internet.

sandboxing

A security mechanism for separating untested or untrusted programs or code, without risking harm to the host environment.

scalability

The suitability of a network system to operate properly and efficiently when configured on a large scale.

SCCP
  • Also known as: Signalling Connection Control Part, Skinny

Network layer protocol that provides extended routing, flow control, segmentation, connection orientation, and error correction facilities in Signaling System 7 telecommunications networks.

SD-WAN
  • Also known as: software-defined networking in a wide area network, software-defined WAN

A wide area network controlled by software. Control and data are decoupled, simplifying both network hardware and management.

Security Group
  • Also known as: SG

In AWS, a set of firewall rules that control traffic for the instance.

serial port

A port on a computing device that is capable of either transmitting or receiving one bit at a time. 

server certificate

Certificate for a server, signed by a valid, trusted entity, that allows access without further validation.

service certificate

Certificate for a service, signed by a valid, trusted entity, that allows access without further validation. 

session layer

The layer in the OSI 7-Layer Model that is concerned with managing the resources required for the session between two computers.

single pass

Algorithm that reads its input exactly once, in order, without unbounded buffering. Generally requires O(n) time and less than O(n) storage (typically O), where n is the size of the input.

Single Sign-On
  • Also known as: SSO

A session and user authentication service that permits a user to use one set of login credentials to access multiple applications. 

SIP

Communications protocol for signaling and controlling multimedia communication session such as voice and video calls.

Site-to-Site VPN

Securely connects entire networks to each other, for example, connecting a branch office network to a company headquarters network.

SLA
  • Also known as: service level agreement, service-level agreement

A contractual agreement by which a service provider defines the level of service, responsibilities, priorities, and guarantees regarding availability, performance, and other aspects of the service.

SMB
  • Also known as: SMBv1, SMBv2, SMBv3, Server Message Block

Operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

SMS Passcode

Multi-Factor Authentication (MFA) solution that adds an extra security layer for a broad range of authentication clients.

SNA
  • Also known as: Systems Network Architecture

IBM's communications architecture and strategy.

snapshot

Capture of the state of a system at a particular point in time.

SNI
  • Also known as: Server Name Indication

An extension to the TLS computer networking protocol, where a client indicates to which hostname it is attempting to connect at the start of the handshaking process.

SNMP service

The SNMP service is used to remotely monitor the network and system state of a Barracuda NextGen Firewall using a network management system (NMS).

SNS
  • Also known as: simple notification service

Feature to push notifications to mobile services and trigger actions, in Amazon Web Services (AWS).

SNTP
  • Also known as: Simple Network Time Protocol

Network package format for time synchronization, similar to NTP, only recommended for simple applications.

Source NAT

Changing the source address/port in the IP header of a packet. Example: changing a private IP address/port into a public address/port in the IP header of a packet leaving the network.

spamtrap
  • Also known as: honey pot, honeypot, honey trap, honeytrap

An email address that is set up by an anti-spam entity, not for correspondence, but to monitor unsolicited email. 

Spot Instance

Purchasing option that allows a customer to purchase unused Amazon EC2 computer capacity at a highly-reduced rate.

spyware

Software that gathers information about a person or organization without their knowledge.

SQS
  • Also known as: Amazon Simple Queue Service, Amazon SQS

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service.

SSL certificate

A digital certificate that is installed on a web server, authenticates the identity of the website, and encrypts the data that is transmitted.

SSL Inspection
  • Also known as: SSL Interception

SSL Inspection transparently unencrypts, inspects, and and re-encrypts HTTPS traffic. Also has the ability to block a small section of an HTTP site (for example, allowing Google traffic, but blocking Google Play).

SSL offloading
  • Also known as: Secure Sockets Layer

Relieves a web server of the processing burden of encrypting and/or decrypting traffic sent via SSL. The processing is offloaded to a separate device designed specifically to perform SSL acceleration or SSL termination.

SSL VPN client

VPN client that can be installed on the Barracuda CloudGen Firewall and then accessed through the Barracuda SSL VPN web portal. (Barracuda SSL VPN is a different product.)

static route

Route that is explicitly configured and entered into the routing table. Static Routes take precedence over routes chosen by dynamic routing protocols.

static website hosting

Hosting of a static website in Amazon S3. When a bucket is enabled for Static website hosting, all content is accessible to web browsers via the Amazon S3 website endpoint of the bucket.

stream and packet compression

Data compression technique used in wireless networks.

subnet mask
  • Also known as: subnetwork mask, netmask

Helps you know which portion of the IP address identifies the network and which portion identifies the node. You can use subnet masks to divide networks in to subnetworks and to identify the subnetwork an IP address belongs to.

subnetting

Partitioning of an IP address space into several smaller address spaces.

syslog streaming

Method for handling of log file messages that are to be transferred to another system for analyzing purposes.

tap

An intrusion into a network cable by a connector.

TCP Proxy

The TCP Proxy is placed between browser and web server and filters requests and responses in TCP streams.

TCP/IP
  • Also known as: Transmission Control Protocol/Internet Protocol

A Transport and Network Layer Protocol, respectively, used for communication in the Internet and often in private networks.

Telnet

A protocol to access a remote computer system, often a Unix system, over the network. Origin: Teletype Network.

temporary access

A time-restricted grant of access to certain areas that are usually off-limits, without having to change the usual organization's policy. For example, for a special project on a certain date, teachers can grant temporary access for students to view specific domains or categories of domains that are usually blocked by school policy.

terminal server

Communications processor that connects asynchronous devices such as terminals, printers, hosts, and modems to any LAN or WAN that uses TCP/IP, X.25, or LAT protocols.

TFTP
  • Also known as: Trivial File Transfer Protocol

A simplified version of FTP (file tranfer protocol).

timestamp
  • Also known as: time stamp

A date/time string to mark an occurrence of an event. 

top level domain
  • Also known as: TLD

The last part of a hostname.

transparent proxy
  • Also known as: inline proxy

The HTTP Proxy operates transparently to the clients in the network.

Transport Layer Security
  • Also known as: TLS

Cryptographic protocol that provides communications security over a computer network.

unencrypt

To decrypt encrypted data. The antonym of encrypt.

unit

Product or system.

user agent

Software that acts on behalf of the user. For example, an agent might give information about a user's browser and operating system to a web site.

User Identity Awareness

Security term for traffic monitoring based on username, host, and IP address.

vertical cloud

A cloud computing environment optimized for use and built around the compliance needs of specialized industries such as healthcare, financial services, and government operations.

virtualization

Allows multiple guest virtual machines (VM) to run on a host operating system. Guest VMs can run on one or more levels above the host hardware, depending on the type of virtualization.

VLAN
  • Also known as: Virtual Local Area Network, VLAN Interface

Any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). The physical interface behaves like several interfaces, and the switch behaves like multiple switches.

VLAN tagging
  • Also known as: Virtual Local Area Network

Method to help identify packets travelling through trunk links. When an Ethernet frame traverses a trunk link, a special VLAN tag is added to the frame and sent across the trunk link. As it arrives at the end of the trunk link, the tag is removed and the frame is sent to the correct access link port according to the switch’s table, so the receiving end is unaware of any VLAN information.

Vx

Specifies virtual model of a Barracuda Networks products. For example, Barracuda Web Application Firewall 460 Vx.

WAN
  • Also known as: Wide Area Network, WLAN

A network connecting devices separated by large geographical distances, often joining multiple local access networks (LANs). 

WAP
  • Also known as: wireless application protocol

A technical standard for accessing information over a mobile wireless network. 

WCCP
  • Also known as: Web Cache Communication Protocol

Content-routing protocol developed by Cisco. Provides a mechanism to redirect traffic flows in real-time. Includes built-in mechanisms for load balancing, scaling, fault tolerance, and service-assurance.

Web 2.0

Term for a second generation of the World Wide Web, focused on the ability for people to collaborate and share information online. Web 2.0 describes World Wide Web sites that emphasize user-generated content, usability, and interoperability.

web app
  • Also known as: web application

Client–server software application in which the client (or user interface) runs in a web browser.

web caching
  • Also known as: web cache

A core design feature of the HTTP protocol meant to minimize network traffic by storing reusable responses to make subsequent requests faster. 

web interface
  • Also known as: Web UI

Web-based user interface.

web server

A computer system that processes requests via HTTP, the basic network protocol used to distribute information on the web.

Wi-Fi

A technology for wireless local area networking with devices based on the IEEE 802.11 standards. 

wireless access point
  • Also known as: wireless AP

A device that allows wireless devices to connect to a wired network using Wi-Fi or related standards. 

WPAD
  • Also known as: Web Proxy Autodiscovery Protocol, WPAD

Method used by clients to locate the URL of a configuration file, using DHCCP or DNS.

YAML

A human-readable data serialization language, commonly used for configuration files.

zero-day
  • Also known as: zero day attack

Vulnerability exploited by hackers before it is known to the vendor.