Barracuda Web Security Gateway 610
Making Web Browsing Safe for Business

Benefits:

Secure Laptops and Mobile Devices

Extend security and policies to remote users. With the Barracuda Web Security Agent and the Barracuda Safe Browser, traffic from remote clients can be filtered with the same policies set for on-network users.

Key Features: The Barracuda Web Security Agent, The Barracuda Safe Browser

Simplify Management

Centrally manage the Barracuda Web Security Gateway through the cloud. Configurations on the Barracuda Web Security Gateway are simple and easy-to-deploy ensuring customized network protection is in place in a matter of minutes.

Key Features: Cloud-Based Centralized Management, Easy-to-use Policy Configurations, Simple Pricing

Features:

Spyware and Virus Protection

All Barracuda products are supported by Barracuda Central, a 24x7 advanced security operations center that works continuously to monitor and block the latest Internet threats. Barracuda Central collects email, URLs, and other data from tens of thousands of collection points in more than 80 countries and analyzes it to develop defenses, rules, and signatures to keep networks safe.

As new threats emerge, Barracuda Central is quick to respond to early outbreaks and delivers the latest definitions through Barracuda Energize Updates. These updates require zero administration and ensure that the Barracuda Web Security Gateway provides comprehensive and accurate protection against the latest Internet threats.

Barracuda Central

All Barracuda products are supported by Barracuda Central, a 24x7 advanced security operations center that works continuously to monitor and block the latest Internet threats. Barracuda Central collects data from more than 150,000 collection points worldwide and analyzes it to develop defenses, rules, and signatures. As new threats emerge, Barracuda Central is quick to respond to early outbreaks and delivers the latest definitions through Barracuda Energize Updates. These updates require zero administration and ensure that the Barracuda Web Security Service provides comprehensive and accurate protection against the latest Internet threats.

Spyware/Malware Removal

Not only does the Barracuda Web Security Gateway prevent the potential download of malware onto the network, it can also remove it if they have been downloaded onto a computer on the network.

The Barracuda Malware Removal Tool performs a comprehensive scan of computers for any traces of spyware or other malware. This thorough scan quickly identifies potential threats residing on a computer and provides the option for removal of those that have been found.

Web 2.0 and Social-Media Regulation

The Barracuda Web Security Gateway provides granular control over Web 2.0 sites and web applications, including social media platforms. Scanning and inspecting SSL-encrypted traffic for specific categories and domains enable granular policy enforcement. Administrators can also configure the Barracuda Web Security Gateway to monitor and archive outbound web application communications like Facebook posts, tweets, and web-based email to a message archiving solution, such as the Barracuda Message Archiver. These messages can be indexed and then mined for forensic analysis. Suspicious activity alerts can also be generated using predefined or customized categories.

Application Control

In addition to standard port/protocol-based policies, the Barracuda Web Security Gateway uses real-time deep packet inspection technology to analyze protocols independent of their port of destination servers. By integrating Layer 7 protocol analysis with policy controls, the Barracuda Web Security Gateway enables complete control over application usage.

Content Filtering

The Barracuda Web Security Gateway provides flexible controls for pinpoint regulation of online activity. Administrators can create policies that control user access to 99.7 percent of commonly visited websites using 95 content categories including pornography, violence, hacking, sports, news, dating, shopping, chat, and more. Content filtering policies can be customized to restrict specific websites or look for patterns in web addresses.

The Barracuda Web Security Gateway's image/multimedia safe search feature prevents search engines such as Google, Yahoo, and MSN from displaying objectionable thumbnail images in search results. Administrators can also create policies that control web-file downloads based on file type.

SSL Inspection

Organizations can control online content normally hidden by SSL. This includes content found in social-media platforms, web-based email, and search engines. Administrators can specify domains and URL categories for which SSL-encrypted traffic will be decrypted and scanned for malware and policy. Not only can organizations restrict entire platforms, it’s now possible to enforce granular access for secure websites (e.g., YouTube for Schools).

Intuitive Dashboard Views

The Barracuda Web Security Gateway provides an intuitive dashboard interface for quick understanding of the threats and activities of users on the network. The changes are immediately apparent on the dashboard that features recent infection activity, potentially suspicious activities, a live view of TCP connection usage, and summary data of network usage.

Comprehensive Reporting

To budget computing resources and ensure adherence to corporate policies, IT and HR administrators often require detailed information about how Internet users in the network are spending time online. In addition to its powerful Web Security Gatewaying and malware protection capabilities, the Barracuda Web Security Gateway allows administrators to generate more than 60 different reports on Internet activity.

Interactive reports with multiple layers of drill-down capability can be generated on users’ web browsing activity, by domains and content categories, by time spent online, and/or by bandwidth consumption.

Suspicious Activity Alerts

The Barracuda Web Security Gateway includes pre-built English-language dictionaries of keywords and phrases pertaining to harassment, weapons, terrorism, and pornography. Administrators can configure the device to automatically generate alerts when content containing these keywords or phrases is posted to social media portals and search engines. Administrators can also add their own keywords and phrases for monitoring. The alerts are tagged with real network user identities, making it easy to identify the source, independent of online profiles.

The Barracuda Web Security Agent

The Barracuda Web Security Agent (WSA) is a tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces. The Barracuda WSA supports both Windows and Mac OS X.

The Barracuda Safe Browser

The Barracuda Safe Browser is a full-featured web browser that enforces compliance with the policies configured on the Barracuda Web Security Gateway.

Cloud-Based Centralized Management

Barracuda Web Security Gateway are integrated with the Barracuda Cloud Control (BCC) web-based management portal, which leverages Barracuda’s global cloud infrastructure to enable organizations to centrally manage all their devices through a “single pane of glass” interface. Administrators can see a global view of all their devices as well as centrally manage policies and configuration. The intuitive interface makes it easy for small and medium-sized organizations to implement and manage their Barracuda Web Security Gateway with minimal IT overhead.

Easy-to-use Policy Configurations

The intuitive web interface allows for quick and easy configuration and administration of policy rules. Setup takes fifteen minutes or less. System information, logs, powerful policy features and reports are just a few clicks away. Reporting requires no database administration.

Simple Pricing

The Barracuda Web Security Gateway is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection is offered as a simple all-inclusive subscription without any per-user fees. The Barracuda Cloud Control management portal is included free of charge.

Barracuda Web Security Gateway CIPA Compliance

The Barracuda Web Security Gateway is ideally suited to help public schools and libraries enforce CIPA policies in an easy and cost-effective manner.

Used with the Barracuda Spam & Virus Firewall to manage email use, Barracuda Networks products can enable CIPA compliance for nearly all facets of a network.

Many schools and libraries have deployed the Barracuda Web Security Gateway as part of their overall programs to comply with CIPA.

CIPA Requirements:

1. Schools and libraries subject to CIPA may not receive the discounts offered by the E-Rate program unless they certify that they have an Internet safety policy and technology protection measures in place. An Internet safety policy must include technology protection measures to block or filter Internet access to pictures that: (a) are obscene, (b) are child pornography, or (c) are harmful to minors for computers that are accessed by minors
2. Schools subject to CIPA are required to adopt and enforce a policy to monitor online activities of minors
3. Schools and libraries subject to CIPA are required to adopt and implement a policy addressing: (a) access by minors to inappropriate matter on the Internet; (b) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (c) unauthorised access, including so-called "hacking," and other unlawful activities by minors online; (d) unauthorised disclosure, use, and dissemination of personal information regarding minors; and (e) restricting minors' access to materials harmful to them.

Download the Barracuda Web Security Gateway CIPA Compliance Whitepaper (.PDF)

Model Comparison:

All 7 models of the Barracuda Web Security Gateway come with a full suite of standard features. The following features are ones which vary by model.

*Also available as virtual appliances for data center environments.
¹ limited capabilities see link for details https://techlib.barracuda.com/WF/UsingSSLInspection

Security Features

Views:

Front Panel

The following figure illustrates the Barracuda Web Security Gateway 210 power and disk activity indicator lights.

Rear Panel Ports and Connectors

The following image illustrates the Barracuda Web Security Gateway 210 rear panel ports and connectors.

Deployments:

Barracuda Web Security Gateway Technology

The Barracuda Web Security Gateway combines preventative, reactive, and proactive measures to form a complete content filtering and anti-malware solution for businesses of all sizes. The Barracuda Web Security Gateway enforces Internet usage policies by blocking access to objectionable content and unauthorised Internet applications, while its award-winning anti-malware technology blocks spyware downloads, prevents viruses, and blocks requests to malicious websites. To ease deployment, Barracuda Web Security Gateway seamlessly integrates with existing network components and user authentication systems. Web-based threats evolve swiftly, so as new requirements emerge-e.g., social-networking control-the Barracuda Web Security Gateway is automatically updated with new capabilities to meet those requirements, at no extra charge. With industry-leading capabilities and no per-user licensing fees, the Barracuda Web Security Gateway is the most cost-effective solution in the industry.

Comprehensive Web Security Gatewaying

Layered Approach: Barracuda multilayered approach to Web Security Gatewaying includes a variety of technologies to regulate web usage and protect against malware. The Barracuda Web Security Gateway gives administrators granular control to manage bandwidth usage, visits to websites, and use of Internet applications to enforce corporate Internet usage policy. Several layers of defense protect against all forms of harmful traffic between internal clients and the Internet, including HTTP, HTTPS, FTP, and application protocols. The measures include: IP-based policy controls, spyware protocol detection and blocking, user authentication, application protocol blocking, URL filtering, user/group-based policy controls, early detection and deep content inspection for virus checking, file type blocking, spyware download blocking, and desktop spyware protection.

Barracuda Central: All Barracuda Networks products are supported by Barracuda Central, a 24x7 advanced security operations center that works continuously to monitor and block the latest Internet threats. Barracuda Central collects email, URLs, and other data from tens of thousands of collection points located in more than 80 countries. In addition, Barracuda Central gets data contributions from more than 150,000 collection points and analyzes the data collected to develop defenses, rules, and signatures to defend your network. As new threats emerge, Barracuda Central is quick to respond to early outbreaks and delivers the latest definitions through Barracuda Energize Updates. These updates require zero administration and ensure that the Barracuda Web Security Gateway provides comprehensive and accurate protection against the latest Internet threats.

Barracuda Central monitors data 24x7 from more than 150,000 Barracuda Networks products in over 80 countries and 17 languages. As new threats emerge, Barracuda Central quickly responds to outbreaks and delivers the latest definitions through automatic Barracuda Energize Updates.

Content Filtering:
Recreational web browsing adversely impacts employee productivity and exposes the network to malware threats. With Barracuda Web Security Gateway, administrators can create policies that control user access to websites using multiple methods, including URL content categories, URL by domain or pattern, and file type blocking. Administrators can choose to block, allow, warn, or monitor access to these domains based on corporate policies.

Application Filtering:
The Barracuda Web Security Gateway provides extremely granular control over Web 2.0 sites and applications, which allows administrators to limit access based on activity type within the same portal. For example, an organization may want to use Facebook or Twitter for viral marketing campaigns but prevent employees from playing games on Facebook or leaking confidential information through Twitter. (Traditional content filtering solutions either completely block or allow unrestricted access to these types of content and web applications.) In addition, administrators can configure the Barracuda Web Security Gateway to archive outbound social media communications, like Facebook posts, tweets, and web-based email, to a message archive solution like the Barracuda Message Archiver. These messages can be searched to comply with HR or litigation requests. This level of functionality allows organizations to provide mission-critical access to Web 2.0 sites while restricting time and bandwidth wasting actions and applications.

Gateway Malware Protection:
The Barracuda Web Application Filter's spyware protection engine blocks access to blacklisted sites in the extensive, up to date Barracuda Central Database. It also unpacks and examines individual files within 17 different types of archives for viruses and spyware. It can be configured to block password-protected archives that may contain harmful payloads. And, it scans inbound traffic for spyware, adware, trojans, and viruses.

Integrated Desktop Spyware Protection:
From inside the network, the Barracuda Web Security Gateway identifies and blocks communications from infected systems to the Internet. By monitoring traffic at Layer 4, the Barracuda Web Security Gateway detects and blocks outbound spyware activity across all protocols and ports. Once an infected machine is identified, the Barracuda Web Security Gateway intercepts web browsing sessions and presents the user with the Barracuda Spyware Removal Tool in the form of an ActiveX control. The Barracuda Web Security Gateway provides complete security, without the need to install client software on each workstation, by integrating powerful gateway and desktop spyware protection strategies.

Transparent User Authentication:
The Barracuda Web Security Gateway integrates with popular LDAP servers including Microsoft Active Directory, Novell eDirectory, and IBM Lotus Domino Directory. It transparently authenticates workers using their Windows credentials over NTLM or Kerberos when IP-based authentication is not feasible. This is useful in terminal services, Network Address Translation (NAT), or other thin client environments such as Citrix, where multiple clients share one IP address.

Policy Management:
A powerful policy engine supports granular policies by user, group, IP address ranges, or time. The Barracuda Web Security Gateway allows custom creation of allow and block lists, specification of URL patterns, and restriction of Internet downloads based on MIME type, e.g., executables, streaming media, or videos. Administrators can control Internet access from specific client machines or external servers based on source or destination IP address and ports. In addition, exception rules can be created to override global policies and further refine Internet access policy.

SSL Visibility:
The combination of SSL Filtering and SSL Inspection lets customers filter SSL (HTTPS) websites subject to the same filtering rules and policies applied to HTTP traffic. With SSL Filtering, the Barracuda Web Security Gateway monitors Domain Name System (DNS) traffic generated by HTTPS requests and stores an internal database that maps IP addresses to domain names. Using this database, the Barracuda Web Security Gateway can apply policies based on the IP addresses without actually decrypting the traffic to identify domain names. Also, if users require more of granular control, SSL Inspection would decrypt and scan user HTTPS web requests, enabling malware detection and web policy enforcement. It does this by acting as a secure intermediary between user HTTPS web requests and the destination web server (i.e., Facebook, YouTube). After processing, this HTTPS traffic will be re-encrypted on the fly by the Barracuda Web Security Gateway and routed to the destination web server.

Remote Filtering
The Barracuda Web Security Gateway extends protection beyond the network perimeter with the Barracuda Web Security Agent (WSA) and the Barracuda Safe Browser (BSB). The WSA is a tamper-proof client software for off-network Windows and Mac OS X computers, while the BSB is a fully-functional mobile browser for iOS-based devices. In both cases, web traffic from remote clients is filtered through a central Barracuda Web Security Gateway to apply the same web policies to users on and off the network. Both the WSA and the BSB can be centrally configured from the administrator interface. Together, these powerful solutions let organizations implement a consistent web policy across local and distributed workforces without purchasing additional tools.

Barracuda Web Security Gateway Core Technologies:

	Hardened OS Based on the popular Linux open source kernel that has stood up to scrutiny among security researchers, the Barracuda Web Security Gateway operating system is hardened for maximum security and stability. In addition to internal testing, Barracuda Networks credits the "white hat" research community who continually work with security vendors to uncover and resolve potential vulnerabilities in both the Linux operating system and its associated utilities. While the vast majority of technology in the Barracuda Web Security Gateway is proprietary, Barracuda Networks does leverage secure and proven open source alternatives whenever possible.
	Security Barracuda Central leverages web crawling technologies, its network of spam collection points, and feedback from Barracuda Networks' installed base of more than 150,000 customers, to build the most effective database of malware definitions and URLs. With spyware and virus protection at the gateway combined with content and application filtering, the Barracuda Web Security Gateway effectively shields against network threats and helps customers implement security strategies.
	Management The Barracuda Web Security Gateway is designed to satisfy the diverse needs of small and medium businesses, enterprises, educational institutions, and government agencies. Administrators manage the device through a simple web-based interface. The Barracuda Web Security Gateway's policy management engine supports granular policy at several user levels. It can control Internet access by individuals, groups, or machines within the organization based on a combination of criteria. Access lists, IP-based policies, and exception rules can be combined and customized to provide maximum flexibility to administrators. The Barracuda Web Security Gateway supports role-based administration through which multiple administrative user accounts can be delegated to specific roles and assigned control over specific users and groups. These user accounts can be restricted to only generating reports or creating policies for specific users or groups of users. Role-based administration lets IT administrators maintain system-level control for security and to delegate policy definition and enforcement to individual departments.
	Reporting The Barracuda Spam & Virus Firewall provides email continuity in case of disasters through its Cloud Protection Layer. In the event of on-premises disruptions, emails can be spooled in this cloud layer for up to 96 hours with attempts to resend the spooled messages at preset intervals. An alternative destination can also be specified for email delivery if delivery to the primary destination fails.
	Clustering and Scalability The Barracuda Web Security Gateway supports clustering of multiple units for both management and scalability. For centralized management, Barracuda Web Security Gateway link together to share configuration and policy across the cluster and administrators can change policy across the cluster from any unit. Clustered systems can be geographically dispersed and do not need to be co-located on the same network. Barracuda Web Security Gateway can be placed on redundant network paths for high availability deployments. Barracuda Web Security Gateway also supports the Web Cache Communication Protocol (WCCP). WCCP provides for load balancing, fault tolerance, and linear scalability across multiple Barracuda Web Security Gateway. Through these features, it's equipped to handle the needs of the largest enterprise environments.

Barracuda Web Security Gateway FAQ:

Does the Barracuda Web Security Gateway support off-network users?

Yes. The Barracuda Web Security Agent comes with the Barracuda Web Security Gateway 410 and higher models. The Barracuda Web Security Agent is downloadable client software for installation on off-network Windows and Mac computers. The agent provides the same malware protection and policy enforcement as configured on the Barracuda Web Security Gateway appliance. Administrators can configure the agent to either route traffic through a central Barracuda Web Security Gateway or route traffic through a local gateway to lookup policies and enforce rules locally.

Can the Barracuda Web Security Gateway block different sites for different users?

Yes, the Barracuda Web Security Gateway lets administrators customize policies for specific users, groups, and IP address ranges in the organization. Administrators can also establish time ranges for those policies.

Custom policy examples:

• To prevent users from job hunting while at work, create a policy that gives only the human resources group access to job-board sites.
• Defining separate access policies for teachers and students.
• Grant unrestricted web access to compliance officers for investigations.
• The Barracuda Web Security Gateway integrates with LDAP directory servers for user and group membership information. It also integrates with Windows domain controllers for easy user authentication.

What kinds of directory servers are supported?

The Barracuda Web Security Gateway supports any LDAP compatible directory server, including Active Directory, Domino Directory, eDirectory and Open LDAP.

How are users authenticated?

The Barracuda Web Security Gateway supports three types of authentication:

• For Windows domains, the Barracuda Web Security Gateway has Barracuda DC Agent software to install on Windows Domain Controllers. This software monitors Windows login events and maps Windows user names and IP addresses to the Barracuda Web Security Gateway to transparently apply user policy.
• When users try to access a blocked resource, the Barracuda Web Security Gateway displays a page that requests a username and password. This method doesn't require the Barracuda DC Agent or configuring users' browsers.
• If configured in forward proxy mode, the Barracuda Web Security Gateway can use standard proxy authentication in which browsers send the authentication credentials in the HTTP headers. This form of authentication can require a one-time configuration of users' web browsers. Proxy authentication is not compatible with the Barracuda Web Security Gateway while running in transparent mode.

If I have a proxy server in my network, how would I deploy the Barracuda Web Security Gateway?

The Barracuda Web Security Gateway can work with your proxy server either as a cascading proxy server or in transparent mode. We normally recommend replacing a proxy server with the Barracuda Web Security Gateway.

Can the Barracuda Web Security Gateway operate in VLAN environments?

Yes. The Barracuda Web Security Gateway is fully compatible with VLAN environments.

Documentation:

Download the Barracuda Networks Web Security Gateway Data Sheet (.PDF)

Download the Barracuda Networks Web Security Gateway Technology Data Sheet (.PDF)