Barracuda Web Application Firewall (Model 660)
Strengths: Monitoring of several servers and applications at once and extensive feature set.
Weaknesses: Slight potential for confusion during initial configuration. Updates for subscription are priced extra, but required.
Verdict: A good choice for a web application firewall. This month’s Recommended product.
Barracuda Networks is a venerable company with a rapidly growing line of security tools. Once known primarily for email security, Barracuda now provides a host of products, such as the Web Application Firewall (Model 660), a useful tool that provides protection for web applications. These web applications can range from a simple website to FTP servers. Our testing of the WAF 660 involved using a BackTrack 5 machine and a Windows 7 target with Internet Information Services (IIS) installed. This Barracuda product protected and logged attacks sent to the IIS server as advertised.
The tool sports an extensive feature set, including most of the functionality one would expect in an application firewall and a few that raise this product above most others. Typical protection includes DDoS, botnet and outbound data leakage prevention (DLP) capabilities. Integration with SIEMs and the expected malware protection are, of course, part of the product.
The WAF 660 has an above average, well-organized user interface design that gives the user access to a web firewall and access and audit logs,with the ability to create reports based off of the logs. Along with these, the GUI gives the user performance and WAF statistics, such as active servers, CPU temperature, WAN/LAN port status, total attacks, and daily and hourly attacks with graphic and non-graphic reports.
The initial configuration can be somewhat confusing as there are two ports in the front and the back. The important WAN/LAN ports are in the front, instead of being in the back as in most servers. That important feature should be noted when deciding on how to rack the device for greatest efficiency. Once the appliance is initially configured, the administrator can access the device's user interface using the WAN IP, allowing configuration of the LAN IP and the services they want the WAF to protect.
The logging is useful to not only system administrators, but to investigators. The administrator is able to create a log in the form of CSV files and the investigator is able to download these CSV files to analyze. Rules can be made to allow or deny specific IP addresses and ports that access the specific servers.
The WAF 660 has a reasonable price of $9,999, plus the required one year Energize Updates subscription of $2,699. This takes its pricing into the average range for this product type. We wondered, though, why the update cost was not simply rolled into the base price of the product for the first year. Given its extensive feature set, though, the WAF 660 still is a good value for the money.
The support website is a fine mix of just about everything a user or prospective user needs.
Although there was a bit of a challenge with our initial configuration, once that is complete, the user can set up rules and services easily, knowing only basic information about the servers and application.
Stephen Resto contributed to this review.