Support for Antivirus data scanning
WinGate includes support for several plug-in components which are available separately. These data scanning components allow you to scan content passing through WinGate proxies. One component is an AntiVirus plugin, called Kaspersky AntiVirus for WinGate (KAVWG). The AntiVirus technology in this plugin is licensed from the well-respected Kaspersky Labs.
Service support for plugins
Several proxies and services in WinGate support scanning content for viruses using this plugin:
- The SMTP server. This scans all received mail, and mail retrieved using POP3 collection.
- The WWW proxy. This scans files as they are downloaded to your browser, and can detect not only files containing viruses (e.g. infected EXEs or ZIP files), but also iFrame exploits and common attacks against web browsers.
- The POP3 proxy. If you collect your email from a POP3 server on the Internet through WinGate's POP3 proxy, you can also scan the email for viruses as it is being retrieved.
- The FTP proxy. Files being downloaded or uploaded can be scanned for viruses.
If a file fails scanning because it contains a virus, it is placed in WinGate's quarantine, where it may be released by the system administrator.
WinGate's ENS component provides a number of features at the packet level. Because of where the WinGate ENS driver hooks into the networking subsystem of your computer, it sees all incoming packets before Windows itself does. This means WinGate's firewall can protect your system by blocking access to ports that you specify.
Stateful packet-level firewall
The firewall is also stateful: it maintains a database of all connections through the system and knows which state each one is in. This allows WinGate to block certain attacks that non-stateful firewalls cannot.
The firewall in WinGate can also harden your system against certain attacks on ports that you need to leave open for external access. For example, if you are running a public web server or mail server on the same machine as WinGate, the firewall can provide SYN flood protection and a number of other protective mechanisms.
WinGate allows you to define interfaces as being connected to certain types of network:
- Internal network (i.e. your LAN)
- External network (i.e. the Internet)
- De-militarized zone (DMZ)
Adapter usage configuration
This provides the capability to set up a DMZ connected to any interface specified by you as being of that type.
A network connected to a DMZ interface in WinGate is protected from the Internet, and also firewalled from Internal interfaces. You have separate control over which ports are available from the Internet. The key difference between a DMZ interface and an Internal interface is that packets going from the DMZ to the Internet are not address translated (NAT is not performed), so the machines on the DMZ must have public IP addresses.
With a lot of today's network attacks coming from within the corporate LAN, be it from an employee unwittingly receiving virus-infected emails or deliberately running malicious applications, controlling what occurs on your network is all-important.
Application execution control
WinGate, in conjunction with the WinGate Internet Client (WGIC), allows remote client lockdown to prevent undesirable applications from running.
Whenever a program on a client machine starts up and attempts to make a socket connection through Windows Sockets, the WinGate Internet Client intercepts it and checks with WinGate whether the program is allowed to run. WinGate can be configured to give a variety of responses, ranging from allowing the program global Internet access to preventing it from running at all on the local client machine.
The SYN cookies feature allows WinGate's network driver to protect the host operating system from SYN flood attacks.
SYN flood attacks are usually performed using fake source IP addresses, and deny service by tying up the victim with a large number of half-open connections. SYN cookies allow the driver to pre-filter connection requests before they reach the host system, by generating the response packet (the SYN-ACK) on the host's behalf. When the final ACK packet of the TCP three-way handshake is received, the WinGate network driver then initiates a TCP three-way handshake to the host system. Since attackers typically fake the source IPs on the initial connection request packet, they won't receive the acknowledgement packets and won't be able to complete the three-way handshake. Only valid connections are then able to proceed.
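The stateless check behind this can be sketched as follows. This is an added example, not WinGate's own code: it uses the widely documented SYN cookie layout (5-bit time slot, 3-bit MSS index, 24-bit keyed hash), and the HMAC-SHA256 tag, secret, MSS table and function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # constructed; a real filter uses a random per-boot key
MSS_TABLE = (536, 1300, 1440, 1460)   # assumed table; the cookie carries an index into it
MAX_AGE = 2                           # accept the current and the previous time slot

def _tag(src, sport, dst, dport, client_isn, mss_idx, slot):
    """24-bit keyed hash binding the cookie to one connection attempt and time slot."""
    msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{mss_idx}|{slot}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(src, sport, dst, dport, client_isn, mss, slot):
    """Sequence number for the SYN-ACK: 5-bit slot | 3-bit MSS index | 24-bit tag.
    Nothing is stored per connection; the state travels in the number itself."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    tag = _tag(src, sport, dst, dport, client_isn, mss_idx, slot)
    return ((slot & 0x1F) << 27) | (mss_idx << 24) | int.from_bytes(tag, "big")

def check_ack(src, sport, dst, dport, seq, ack, now_slot):
    """Return the MSS if the final ACK echoes a valid, fresh cookie, else None."""
    cookie = (ack - 1) & 0xFFFFFFFF        # ACK number = filter's sequence number + 1
    client_isn = (seq - 1) & 0xFFFFFFFF    # client's SEQ = its initial sequence number + 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    for age in range(MAX_AGE):
        slot = now_slot - age
        if (slot & 0x1F) != cookie >> 27:
            continue
        want = _tag(src, sport, dst, dport, client_isn, mss_idx, slot)
        if hmac.compare_digest(want, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]      # only now is a connection opened to the host
    return None

def demo():
    """Constructed values: genuine client, guessed ACK, stale cookie, wrong source."""
    conn = ("198.51.100.7", 40000, "203.0.113.10", 80)
    isn = 0x1000
    cookie = make_cookie(*conn, isn, 1460, slot=100)
    other = ("198.51.100.8",) + conn[1:]
    return {
        "genuine": check_ack(*conn, isn + 1, cookie + 1, now_slot=100),
        "guessed": check_ack(*conn, isn + 1, (cookie ^ 1) + 1, now_slot=100),
        "stale": check_ack(*conn, isn + 1, cookie + 1, now_slot=103),
        "other_source": check_ack(*other, isn + 1, cookie + 1, now_slot=100),
    }
```

A sender using a fake source address never sees the SYN-ACK, so it has to guess the 24-bit tag, and a captured cookie stops validating once its time slot has aged out.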