Secure access to corporate networks

Applications

• RDP client, Citrix Workspace app (formerly Citrix Receiver), VMware Horizon via RDP, PCoIP, BLAST, Firefox, Chromium, VNC Viewer, VPN client for IPsec
• Citrix HDX RealTime Media Engine to optimize audio and video transmission for Skype for Business and Microsoft Teams
• Microsoft RemoteFX for optimizing the audio quality with RDP

Supported destination systems

• Microsoft RDSH, WTS 2000 and later, RDS, RD sharing, Citrix Virtual Apps & Desktops, VMware Horizon or web server

VPN

• Connection to default gateway via IPsec, OpenVPN or HTTPS
• Additional VPN clients: Cisco AnyConnect, Juniper, F5 (additional licenses may be required)

Administration

• Profiles for access to different applications/servers on user, group or role level
• Use of local resources after release (external USB storage devices, local printers)
• Rights assignment for external devices bound to manufacturer ID or serial number of the device
• Remote update of all applications and firmware

Compatibility

• Compatible with all popular 64-bit PCs, mostly Intel-based Macs and tablets with x86 architecture
• UEFI Secure Boot support
• Keyboard drivers for more than 90 languages and countries
• Multi-monitor support
• Connection by LAN, WLAN, UMTS, LTE incl. browser for login to hotspot
• Software in German and English (pre-configurable)

Additional features

• Forwarding of external USB and LAN devices, e.g. for the connection of an IP telephone
• Automatic reconnection after disconnection or connection change

Multi-factor authentication

• Software certificate, tied to the stick’s hardware ID
• On-screen password entry

Security

• Signed partitions for bootloader and kernel
• Encryption by software of all security-relevant partitions
• Signed read-only partition for firmware and applications
• Writeable partition for storage of user parameters
• Hardened ECOS Secure Linux operating system
• Digitally signed bootloader, firmware and applications validated in chain of trust
• Integrated firewall protecting against attacks over the same network and blocking ping requests
• Encryption of RAM content except for the executable program code
• VM start detector prevents use in virtual environment
• Fingerprinting of the guest computer incl. peripherals
• Instant logout on stick disconnection
• Secured updating process for firmware and applications with verification of integrity and correct update server

Connection, dimensions and scope of delivery

• USB-A - 12 x 22 x 4 mm, 3 g - ECOS SecureBootStick CL and carrying strap