Datasheet
12
Barracuda NG Firewall
TECHNOLOGY ADVANTAGE 2
TECHNOLOGY ADVANTAGE 2
Intrusion Detection & Prevention System - Complete and
Comprehensive Real-Time Network Protection
OVERVIEW
The Barracuda NG Firewall Intrusion Detection
and Prevention System (IDS/IPS) can strongly
enhance network security by providing
complete and comprehensive real-time network
protection against a broad range of network
threats, vulnerabilities, exploits, and exposures in
operating systems, applications, and databases
preventing network attacks such as SQL
injections or buffer overflows. In addition, the
IDS/IPS keeps spyware and worms out of the
corporate network to prevent fraud and maintain
strict privacy. By constantly monitoring network
and system activities for malicious or suspicious
behavior, the Barracuda NG Firewall can react in
real-time to block and prevent such activities.
In case an attack is detected, the Barracuda NG
Firewall can drop the offending packets while
still allowing all other traffic to pass, or just detect
and log the intrusion attempt. Depending on the
severity of the threat, highly granular actions can
be assigned on a per firewall rule base enabling
the Barracuda NG Firewall to allow, block, or log
questionable traffic based on severity, location,
user/group, type, and application.
ROBUST PROTECTION AGAINST A MULTITUDE OF THREATS & EXPLOITS
The Barracuda NG Firewall provides immediate out-of-the box protection against a vast number of exploits and vulnerabilities
in operating systems, applications, and databases to prevent network attacks such as:
• SQL Injections
• Arbitrary Code Executions
• Access Control Attempts and Privilege Escalations
• Cross-Site Scripting
• Buffer Overflows
• Denial of Service (DoS) and Distributed Denial of Service
(DDos) Attacks
• Directory Traversal Attempts
• Probing and Scanning Attempts
• Backdoor Attacks, Trojans, Rootkits, Viruses, Worms and
Spywares
COUNTERING IPS EVASION AND OBFUSCATION TECHNIQUES
The Barracuda NG Firewall is able to identify and to block the advanced evasion attempts and obfuscation techniques that
are widely used by attackers to circumvent and trick traditional signature based intrusion prevention systems such as
• Packet Anomalies
• IP Fragmentation
• TCP Stream Reassembly
• RPC Defragmentation
• FTP Evasion Protection
• URL Decoding
• HTML Decoding and Decompression
• TCP Split Handshake Protection
Easy-to-use IDS/IPS policy settings