Features

Support for Antivirus data scanning
Stateful packet-level firewall
DMZ Support
Application execution control
SYN-cookies
Secure connections (SSL access to proxies)

Support for Antivirus data scanning

Kaspersky AntiVirus for WinGate allows the user to scan incoming and outgoing Web, POP3, and SMTP traffic for known viruses. The plugin also integrates with WinGate's scheduler service to obtain regular virus signature updates.

AntiVirus settings

several WinGate services support WinGate plugins (including Kaspersky AntiVirus for WinGate, or PureSight for WinGate). These services are: SMTP server, POP3 Proxy, WWW Proxy.

Service support for plugins

WinGate includes support for several plug-in components which are available separately. These data scanning components allow you to scan content passing through WinGate proxies. One component is an AntiVirus plugin, called Kaspersky AntiVirus for WinGate (KAVWG). The AntiVirus technology in this plugin is licensed from the well-respected Kaspersky Labs.

Several proxies and services in WinGate support scanning content for viruses using this plugin, these are:

The SMTP server. This scans all received mail, and mail retrieved using POP3 collection
The WWW proxy. This scans files as they are downloaded to your browser, and can detect not only files containing viruses (i.e. infected EXEs or ZIP files), but also iFrame exploits, and common attacks against web browsers.
The POP3 Proxy. If you collect your email from a POP3 server on the Internet through WinGate's POP3 Proxy, you can also scan the email as it is being retrieved for viruses.
The FTP proxy. Files being downloaded or uploaded can be scanned for viruses.

If a file fails scanning because it contains a virus, it is placed in WinGate's quarantine, where it may be released by the system administrator.
Back to top

Stateful packet-level firewall

WinGate's ENS component provides for a number of features at the packet level. Because of where the WinGate ENS driver hooks into the networking subsystem of your computer, it sees all incoming packets before Windows itself does. This means WinGate's firewall can protect your system by blocking access to ports that you specify.

The firewall also is stateful in that it maintains a database of all connections through the system, and knows which state they are in. This allows WinGate to block certain attacks that other non-stateful firewalls cannot.

Additionally the firewall in WinGate can also harden your system against certain attacks on ports that you need to leave open for external access. For example if you are running a public web server, or mail server on the same machine as WinGate, the firewall can provide SYN flood protection and a number of other protective mechanisms.
Back to top

DMZ Support

Adapters in the system can be configured for how they will be treated by WinGate. This allows the administrator to mark an interface as internal, external, or DMZ. Alternatively WinGate can automatically determine the most likely usage. This allows very flexible network configuration, and allows WinGate to adapt to changes in networks (i.e. if you unplug an adapter from one network and plug it into another, the usage may change).

Adapter usage configuration

WinGate allows you to define interfaces as being connected to certain types of network:

Internal network (i.e. your LAN)
External network (i.e. the Internet)
a de-militarized zone (DMZ)

This provides the capability to set up a DMZ connected to any interface specified by you as being of that type.

A network connected to a DMZ interface in WinGate is protected from the Internet, and also firewalled from Internal Interfaces. You have separate control over which ports are available from the Internet, but the key difference between a DMZ interface, and an Internal interface, is that packets going from the DMZ to the Internet are not address translated (NAT is not performed), therefore the machines on the DMZ must have public IP addresses.
Back to top

Application execution control

With a lot of todays network attacks coming from within the corporate LAN, be it from an employee unwittingly receiving virus infected emails, or deliberately running malicious applications; controlling what occurs on your network is all important.

WinGate, in conjunction with the WinGate Internet Client (WGIC), allows remote client lockdown to prevent undesirable applications from running.

Whenever a program on a client machine loads up, if it uses any sort of networking that uses Windows Sockets, and attempts to make a socket connection, the WinGate Internet Client will intercept it, and check with WinGate if the program is allowed to run or not. WinGate can be configured to give a variety of responses, ranging from allowing the program to have global internet access, to not even be able to run on the local client machine.

SYN-cookies

The Syn cookies feature allows WinGate's Network driver to protect the host operating system from Syn Flood attacks.

Syn flood attacks are usually performed using fake source IP addresses, and deny service by tying up the victim with a large number of half-open connections. Syn cookies allow the driver to pre-filter valid connection requests from the host system, by generating response packets on behalf of the host system (SYN-ACK packet). When the final ACK packet of a TCP 3 way handshake is received, the WinGate network driver then initiates the TCP 3 way handshake to the host system. Since attackers typically fake up the source IPs on the initial connection request packet, they won't receive the acknowledgement packets and won't be able to complete the 3 way handshake. Only valid connections will then be able to proceed.