WinGate (computing)

From Wikipedia, the free encyclopedia

WinGate is an Integrated Gateway Management system for Microsoft Windows, providing firewall and NAT services, along with a number of integrated proxy servers and email services (SMTP, POP3 and IMAP servers).

In the mid to late 1990s, WinGate was almost ubiquitous in homes and small businesses that needed to share a single Internet connection between multiple networked computers. The introduction of Internet Connection Sharing in Windows 98 however, combined with increasing availability of cheap NAT-enabled routers, forced WinGate to evolve to provide more than just internet connection sharing features. Today, focus for WinGate users is primarily access control, reporting, bandwidth management and content filtering.

Contents

[edit] Features

WinGate runs on all versions of Microsoft Windows, from Windows 95 onwards. At its core, WinGate provides all 3 levels of Internet Access: a stateful packet level firewall with NAT, several circuit-level proxies (SOCKS 4/5, and proprietary Winsock redirector), and multiple proxy servers. This provides a comprehensive access framework, and allows the maximum level of access control.

WinGate's policy framework allows the creation of specific access rules, based on user account details, request details, location of user, authentication level and time of day. The policy framework is based on a user database and user authentication. WinGate allows use of either WinGate's built-in user database, the Windows user database, or the user database of an NT domain or Active Directory. Authentication can use integrated windows usernames and passwords (NTLM) and other authentication schemes. WinGate can also be used without authentication, or can assume user identity based on IP address or computer name.

WinGate can also authenticate individual users on a Terminal server, and maintain separate user contexts to provide user-level control, and for applications that do not support authentication by using the WinGate Client software.

WinGate provides a fully customizable, self-configuring DHCP server to assist with network configuration. It also supports multi-interface and multiple topology deployment including multiple DMZs.

WinGate provides an integrated Email server (POP3 server and retrieval client, SMTP server, and IMAP4 server) with message routing features and per-email restrictions. This can be used to provide company email services, or to provide protection and additional security (encryption and authentication) for an existing email system.

The WWW Proxy provides a transparent proxy for ease of administration, plus a shared proxy cache for improved surfing performance. It can also be used to secure access to internal web servers with either browser-based authentication or a Java-based applet.

Proxy services in WinGate support SSL/TLS connections, dynamic network binding (automatic response to network events such as addition or removal of network interfaces), and gateway pre-selection (to direct service for a particular application out a specific Internet connection).

Packet-level bandwidth management is also provided to allow control of bandwidth associated with certain users or applications, and is able to be configured on a per-time-of-day basis.

WinGate comes in three versions, Standard, Professional and Enterprise. Enterprise edition also provides an easily configured virtual private network system, which is also available separately as WinGate VPN. Licensing is tiered by the number of concurrently connected users, and available in a range of sizes to suit any budget or network size.

Also available for WinGate are optional components that provide Antivirus scanning for email, web and FTP, and content filtering for web traffic.

[edit] Notoriety

Versions of WinGate prior to 2.1d (1997) shipped with an insecure default configuration that - if not secured by the network administrator - allowed untrusted third parties to proxy network traffic through the WinGate server. This made open WinGate servers common targets of hackers looking for anonymous redirectors through which to attack other systems. While WinGate was by no means the only exploited proxy server, its wide popularity amongst users with little experience administering networks made it almost synonymous with open SOCKS proxies in the late 1990s[1]. Furthermore since a restricted (2 users) version of the product was freely available without registration, contacting all WinGate users to notify of security issues was impossible, and therefore even long after the security problems were resolved, there were still many insecure installations in use.

[edit] Sobig

Some versions of the Sobig virus installed a pirated copy of WinGate 5 in a deliberately insecure configuration to be used by spammers. These installations used non-standard ports for SOCKS and WinGate remote control and so in general did not interfere with other software running on the infected host computer. This resulted in some antivirus programs incorrectly identifying WinGate as a virus and removing it.

[edit] Version History

Date Version
2006 WinGate 6.2
2005 WinGate 6.1
2004 WinGate 6.0
2003 WinGate 5.2.3 (last version in this family)
2002 WinGate 5.0
2001 WinGate 4.5 (last version in this family)
2000 WinGate 4.0
1998 WinGate 3.0
1996 WinGate 2.0
1995 WinGate 1.0

[edit] References

  1. ^ Exposing the Underground: Adventures of an Open Proxy Server. LURHQ. Retrieved on 2007-02-04.

[edit] External links

In other languages