Remote access with hardware encryption

With its specially designed hardware-encryption and numerous security features, the ECOS SECURE BOOT STICK [HE] takes the proven ECOS SECURE BOOT STICK [CL] to a whole new security level.

The stick provides highly secure access to a terminal server or virtual desktop infrastructure and web applications in a secured, encapsulated environment.

Any PC or Mac can boot the specially hardened ECOS Secure Linux operating system on the ECOS SECURE BOOT STICK [HE] . The internal hard disk is disconnected, so no malware on the hard disk will ever get a chance.
Switching off the internal hard disk ensures 100% separation between professional and private use of the PC.

The ECOS SECURE BOOT STICK [HE] not only provides the security of a protected and encapsulated environment, it also serves as a strong multi-factor authentication. The stick is coupled with a cryptographic key in the hardware.

Applications

• RDP client, Citrix Workspace app (formerly Citrix Receiver), VMware Horizon via RDP, PCoIP, BLAST, Firefox, Chromium, VNC Viewer, VPN client for IPsec
• Citrix HDX RealTime Media Engine to optimize audio and video transmission for Skype for Business and Microsoft Teams
• Microsoft RemoteFX for optimizing audio quality with RDP

Supported destination systems

• Microsoft RDSH, WTS 2000 and later, RDS, RD sharing, Citrix Virtual Apps & Desktops, VMware Horizon or web server

VPN

• Connection to default gateway via IPsec, OpenVPN or HTTPS
• Additional VPN clients: Cisco AnyConnect, Juniper, F5 (additional licenses may be required)

Administration

• Profiles for access to different applications/servers on user, group or role level
• Use of local resources after release (external USB storage devices, local printers)
• Rights assignment for external devices bound to manufacturer ID or serial number of the device
• Remote update of all applications and firmware

Compatibility

• Drivers for all popular 64-bit PCs, Macs and tablets with x86 architecture
• UEFI Secure Boot support
• Keyboard drivers for more than 90 languages and countries
• Multi-monitor support
• Connection by LAN, WLAN, UMTS, LTE incl. browser for login to hotspot
• Software in German and English (pre-configurable)

Additional features

• Forwarding of external USB and LAN devices, e.g. for the connection of an IP telephone
• Automatic reconnection after disconnection or connection change

Multi-factor authentication

• Software certificate, tied to the stick’s hardware ID and hardware anchor
• On-screen password entry

Security

• Signed read-only partitions for bootloader and kernel
• Encryption by hardware of all security-relevant partitions
• Signed read-only partition for firmware and applications
• Writeable partition for storage of user parameters
• Hardened ECOS Secure Linux operating system
• Digitally signed bootloader, firmware and applications validated in chain of trust
• Integrated firewall protecting against attacks over the same network and blocking ping requests
• Encryption of RAM content except for the executable program code
• VM start detection prevents use in virtual environment
• Fingerprinting of the guest computer incl. peripherals
• Instant logout on stick disconnection
• Secured updating process for firmware and applications with verification of integrity and correct update server

Connection, dimensions and scope of delivery

• USB-A - 12 x 41 x 4 mm, 6 g - ECOS SECURE BOOT STICK [HE] and carrying strap