Skip to main content

Remote access with hardware encryption

ECOS SecureBootStick® HE

With its specially designed hardware-encryption and numerous security features, the ECOS SecureBootStick HE takes the proven ECOS SecureBootStick CL to a whole new security level.

The stick provides highly secure access to a terminal server or virtual desktop infrastructure and web applications in a secured, encapsulated environment.

Download brochure      Contact us

How the ECOS SecureBootStick HE works

Any PC or Mac can boot the specially hardened ECOS Secure Linux operating system on the ECOS SecureBootStick HE. The internal hard disk is disconnected, so no malware on the hard disk will ever get a chance.
Switching off the internal hard disk ensures 100% separation between professional and private use of the PC.

The ECOS SecureBootStick HE not only provides the security of a protected and encapsulated environment, it also serves as a strong multi-factor authentication. The stick is coupled with a cryptographic key in the hardware.

Order free demo-stick


Simply and smart

  Connect boot stick to PC or Mac
  The ECOS Secure Linux operating system boots automatically. The local hard disk is not activated.
  Select destination system, enter user name/passwort and you are all set!

4 good reasons to choose the ECOS SecureBootStick HE

  • Installation- and configuration-free
  • All software on one stick
  • Works w/ any Internet connection
  • User friendly settings
Highly secure
  • Strong 2-factor authentication by crypto anchor
  • Hardware encrypted
  • Hardened Linux operating system
  • Protected & encapsulated environment
  • Read-only and digitally signed
  • Integrated firewall
  • 100% separation business / private
  • Internal HD inactive
  • Ext. data transfer only if authorized
  • Instant logout on stick disconnection
  • Easy integration into IT infrastructure
  • Quick roll-out
  • Central management
  • Low support
  • Low investment
Technical data of the ECOS SecureBootStick HE


  • RDP client, Citrix Workspace app (formerly Citrix Receiver), VMware Horizon via RDP, PCoIP, BLAST, Firefox, Chromium, VNC Viewer, VPN client for IPsec
  • Citrix HDX RealTime Media Engine to optimize audio and video transmission for Skype for Business and Microsoft Teams
  • Microsoft RemoteFX for optimizing audio quality with RDP

Supported destination systems

  • Microsoft RDSH, WTS 2000 and later, RDS, RD sharing, Citrix Virtual Apps & Desktops, VMware Horizon or web server


  • Connection to default gateway via IPsec, OpenVPN or HTTPS
  • Additional VPN clients: Cisco AnyConnect, Juniper, F5 (additional licenses may be required)


  • Profiles for access to different applications/servers on user, group or role level
  • Use of local resources after release (external USB storage devices, local printers)
  • Rights assignment for external devices bound to manufacturer ID or serial number of the device
  • Remote update of all applications and firmware


  • Compatible with all popular 64-bit PCs, mostly Intel-based Macs and tablets with x86 architecture
  • UEFI Secure Boot support
  • Keyboard drivers for more than 90 languages and countries
  • Multi-monitor support
  • Connection by LAN, WLAN, UMTS, LTE incl. browser for login to hotspot
  • Software in German and English (pre-configurable)

Additional features

  • Forwarding of external USB and LAN devices, e.g. for the connection of an IP telephone
  • Automatic reconnection after disconnection or connection change

Multi-factor authentication

  • Software certificate, tied to the stick’s hardware ID and hardware anchor
  • On-screen password entry


  • Signed read-only partitions for bootloader and kernel
  • Encryption by hardware of all security-relevant partitions
  • Signed read-only partition for firmware and applications
  • Writeable partition for storage of user parameters
  • Hardened ECOS Secure Linux operating system
  • Digitally signed bootloader, firmware and applications validated in chain of trust
  • Integrated firewall protecting against attacks over the same network and blocking ping requests
  • Encryption of RAM content except for the executable program code
  • VM start detection prevents use in virtual environment
  • Fingerprinting of the guest computer incl. peripherals
  • Instant logout on stick disconnection
  • Secured updating process for firmware and applications with verification of integrity and correct update server

Connection, dimensions and scope of delivery

  • USB-A - 12 x 41 x 4 mm, 6 g - ECOS SecureBootStick HE and carrying strap

Are you interested in the ECOS SecureBootStick HE? Do you have questions?

We are looking forward to your message!