Features - Security

Features related to security

Stateful packet-level firewall

WinGate's ENS component provides for a number of features at the packet level. Because of where the WinGate ENS driver hooks into the networking subsystem of your computer, it sees all incoming packets before Windows itself does. This means WinGate's firewall can protect your system by blocking access to ports that you specify.

The firewall is also stateful: it maintains a database of all connections through the system and knows which state each is in. This allows WinGate to block certain attacks that non-stateful firewalls cannot.

The firewall in WinGate can also harden your system against certain attacks on ports that you need to leave open for external access. For example, if you are running a public web server or mail server on the same machine as WinGate, the firewall can provide SYN flood protection and a number of other protective mechanisms.

Support for Antivirus data scanning

WinGate includes support for several plug-in components which are available separately. These data scanning components allow you to scan content passing through WinGate proxies. One component is an AntiVirus plugin, called Kaspersky AntiVirus for WinGate (KAVWG). The AntiVirus technology in this plugin is licensed from the well-respected Kaspersky Labs.

Several proxies and services in WinGate support scanning content for viruses using this plugin. These are:

  • The SMTP server. This scans all received mail, and mail retrieved using POP3 collection.
  • The WWW proxy. This scans files as they are downloaded to your browser, and can detect not only files containing viruses (i.e. infected EXEs or ZIP files), but also iFrame exploits, and common attacks against web browsers.
  • The POP3 Proxy. If you collect your email from a POP3 server on the Internet through WinGate's POP3 Proxy, you can also scan the email for viruses as it is being retrieved.
  • The FTP proxy. Files being downloaded or uploaded can be scanned for viruses.

If a file fails scanning because it contains a virus, it is placed in WinGate's quarantine, where it may be released by the system administrator.

Application execution control

With a lot of today's network attacks coming from within the corporate LAN, be it from an employee unwittingly receiving virus-infected emails or deliberately running malicious applications, controlling what occurs on your network is all important.

WinGate, in conjunction with the WinGate Internet Client (WGIC), allows remote client lockdown to prevent undesirable applications from running.

Whenever a program on a client machine loads, if it uses any networking based on Windows Sockets and attempts to make a socket connection, the WinGate Internet Client will intercept the attempt and check with WinGate whether the program is allowed to run. WinGate can be configured to give a variety of responses, ranging from allowing the program global Internet access to not allowing it to run at all on the local client machine.

DMZ Support

WinGate allows you to define interfaces as being connected to certain types of network:

  • Internal network (i.e. your LAN)
  • External network (i.e. the Internet)
  • a de-militarized zone (DMZ)

This provides the capability to set up a DMZ connected to any interface specified by you as being of that type.

A network connected to a DMZ interface in WinGate is protected from the Internet, and also firewalled from Internal interfaces. You have separate control over which ports are available from the Internet. The key difference between a DMZ interface and an Internal interface is that packets going from the DMZ to the Internet are not address translated (NAT is not performed), so the machines on the DMZ must have public IP addresses.

Secure connections (SSL access to proxies)

SYN-cookies

SYN cookies allow WinGate to control a session of packets before they are allowed to even enter the port, by keeping track of valid ACK requests from a host on the Internet, so that bogus packets (which can be used in a network attack called a SYN flood) will have less chance to penetrate WinGate's defences.
This option is not ticked by default, to allow for maximum application session compatibility, and should only be enabled by administrators who are experienced with TCP session mechanisms.
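
The check described above can be illustrated with the general SYN cookie technique. The following is an added example, not WinGate's own code: the key, MSS table, bit layout and function names are all assumptions made for the illustration. The server encodes a keyed hash of the connection in the sequence number of its SYN-ACK, and accepts the final ACK only if that value comes back intact and fresh.

```python
import hashlib
import hmac
import struct

# Everything below is constructed for illustration (key, table, bit layout).
SECRET = b"demo-key-rotate-per-boot"
MSS_TABLE = (216, 536, 768, 996, 1220, 1340, 1440, 1460)  # 3-bit index
SLOT = 64            # seconds per time slot
MASK32 = 0xFFFFFFFF

def _mac24(src, sport, dst, dport, client_isn, slot, idx):
    """24-bit keyed hash binding the cookie to one connection attempt."""
    msg = f"{src}|{sport}|{dst}|{dport}".encode()
    msg += struct.pack("!IBB", client_isn, slot, idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Sequence number for the SYN-ACK; nothing is stored per connection."""
    slot = (now // SLOT) % 32
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return (slot << 27) | (idx << 24) | _mac24(src, sport, dst, dport, client_isn, slot, idx)

def check_ack(src, sport, dst, dport, seq, ack, now):
    """Return the agreed MSS if the ACK echoes a valid, fresh cookie, else None."""
    cookie = (ack - 1) & MASK32        # client acknowledges cookie + 1
    client_isn = (seq - 1) & MASK32    # client's SYN used seq - 1
    slot, idx = cookie >> 27, (cookie >> 24) & 0x7
    if ((now // SLOT) - slot) % 32 > 1:   # cookie is more than one slot old
        return None
    want = _mac24(src, sport, dst, dport, client_isn, slot, idx)
    got = cookie & 0xFFFFFF
    if not hmac.compare_digest(want.to_bytes(3, "big"), got.to_bytes(3, "big")):
        return None
    return MSS_TABLE[idx]

if __name__ == "__main__":
    flow = ("198.51.100.7", 40000, "203.0.113.10", 80)   # documentation addresses
    c = make_cookie(*flow, client_isn=1000, mss=1460, now=6400)
    print("genuine ACK ->", check_ack(*flow, seq=1001, ack=(c + 1) & MASK32, now=6400))
    print("bogus ACK   ->", check_ack(*flow, seq=1001, ack=12345, now=6400))
```

Only a coarse MSS value survives the round trip in this scheme, since the server keeps no record of the original SYN.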