Mapped link advanced features

The mapped links are in some ways more limited than the other proxies, but more flexible in others.

Mappings can be based on individual user needs. Configurations can differ per user, location or Dialer profile.

The TCP mappings have the option of encryption. Encryption is the process of making data secure by making it extremely difficult for anyone but the intended user to understand.

Encryption in WinGate

WinGate can use encryption in the mapped links to make a secure data channel for WinGate-to-WinGate mapped links. Consider this situation. Many companies have mail, telnet, HTTP or FTP servers for employees and clients to access at will. The information on them is commonly sensitive. These servers are text-driven programs and, as with mail, when you send the password it is transmitted in the clear. That means anyone with the ability to sniff your packets on the Internet can get hold of your passwords and intercept data. For this reason, many companies requiring secure remote access to their servers have leased lines or dial-in servers so that the communications do not take place over the Internet. This can be very expensive.

This is where WinGate comes in. WinGate can encrypt all the data you send from your LAN machine to the Internet or external network. It sends the data to another WinGate machine, where the data is decrypted. This only works with mapped links. It can provide access for telnet, HTTP, email and others. Using encrypted mapping proxies, a company can provide secure access to its file server, mail and terminal programs.

Adding an encrypting mapped link

1. Add a TCP mapped link and give it a suitable name, such as Encrypting TCP link.

2. Select a port. It is usually safe to use port numbers above 10000.

3. Select the Encryption tab

4. Select the Incoming or Outgoing encryption option

5. Enter details according to your needs

Example 1 - secure access to file servers

A company has two offices, one in Auckland, another in Melbourne. They want to be able to access the files on the Melbourne file server across the Internet securely.

Steps: In Melbourne:

1. Run an HTTP server on the file server.

2. Put in a mapped link in the Melbourne WinGate, say on port 3080, which maps through to the HTTP server on the file server.

Steps: In Auckland:

1. Put in an encrypted mapped link on port 3080, which maps through to the Melbourne WinGate on port 3080.

Now to browse and retrieve and upload files, a user simply uses a WWW Browser, and types in the URL

http://wingate:3080

The browser will then connect to the WinGate in Auckland, which will make an encrypted connection to the WinGate in Melbourne, and plug through to the HTTP server. Using directory browsing on the HTTP server, the Netscape user in Auckland can easily browse files, and download them. If your HTTP server supports the PUT method, you can even upload files to the server, giving you basically full access all through the browser.

Example 2 - secure Unix access

A company has a Unix server on which they run their order-entry system. They want to provide secure access to this system over the Internet so that their staff in remote offices (or even at home) can work on the server securely.

Step: Main office

1. Set up an encrypted mapped link on, say, port 3023, which plugs through to the Unix telnet server on port 23.

Step: Remote office

1. Set up an encrypted mapped link on, say, port 3023, which plugs through to the main office server on port 3023.

To connect securely to the main office server, the users simply telnet to WinGate on port 3023. They will then be presented with the logon prompt of the Unix machine in the main office, but all communications are encrypted.
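The following is an added sketch, not part of the WinGate documentation. It models the mapped links of Example 2 and labels each hop, showing that only the WinGate-to-WinGate hop is encrypted and that a link left without encryption at one end is reported as a mismatch. The host names are constructed, and the reading of the Encryption tab options (Outgoing encrypts towards the target, Incoming expects encrypted data from the peer WinGate) is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MappedLink:
    host: str                 # machine running this WinGate (constructed name)
    port: int                 # port the mapped link listens on
    target_host: str          # where the link plugs through to
    target_port: int
    # Assumption: "outgoing" encrypts towards the target, "incoming" expects
    # encrypted data from the peer WinGate, "none" does neither.
    encryption: str = "none"

def trace(links, host, port):
    """Follow mapped links from a client connecting to host:port.
    Returns hops as (src, dst_host, dst_port, state)."""
    table = {(l.host, l.port): l for l in links}
    hops, seen = [], set()
    src, sends_enc = "client", False   # telnet and browser clients send plaintext
    while (host, port) not in seen:    # stop if the mappings loop
        seen.add((host, port))
        link = table.get((host, port))
        expects_enc = link is not None and link.encryption == "incoming"
        if sends_enc and expects_enc:
            state = "encrypted"
        elif sends_enc or expects_enc:
            state = "mismatch"         # only one end of the hop encrypts
        else:
            state = "cleartext"
        hops.append((src, host, port, state))
        if link is None:
            break                      # reached the real server
        src, sends_enc = link.host, link.encryption == "outgoing"
        host, port = link.target_host, link.target_port
    return hops

# Example 2 as described on the page (host names are constructed).
EXAMPLE_2 = [
    MappedLink("remote-wingate", 3023, "main-wingate", 3023, "outgoing"),
    MappedLink("main-wingate", 3023, "unix-server", 23, "incoming"),
]
# Constructed misconfiguration: main office link left without encryption.
BROKEN = [EXAMPLE_2[0], MappedLink("main-wingate", 3023, "unix-server", 23)]

if __name__ == "__main__":
    for name, links in (("example 2", EXAMPLE_2), ("broken", BROKEN)):
        print(name)
        for src, dst, dport, state in trace(links, "remote-wingate", 3023):
            print(f"  {src} -> {dst}:{dport}  {state}")
```

The cleartext first and last hops are the LAN legs on either side of the two WinGate machines, so the telnet password is still readable on those segments.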