Highly secure home office

BSI approval

• Approved for processing data with classification level VS-NfD, NATO RESTRICTED, EU RESTRICTED

Applications

• RDP Client, Citrix Workspace app (formerly Citrix Receiver), VMware Horizon via RDP, PCoIP, BLAST, Firefox, Chromium, VPN Client for IPsec
• Citrix HDX RealTime Media Engine to optimize audio and video transmission for Skype for Business and Microsoft Teams
• Microsoft RemoteFX for optimizing the audio quality with RDP

Supported destination systems

• Microsoft RDSH, WTS 2000 and later, RDS, RD sharing, Citrix Virtual Apps & Desktops, VMware Horizon or web server

VPN

• Connection to genua genuscreen by IPsec within a BSI-approved environment

Administration

• Profiles for access to different applications/servers on user, group or role level
• Use of local resources after release (external USB storage devices, local printers)
• Rights assignment for external devices bound to manufacturer ID or serial number of the device
• Remote update of all applications and firmware

Compatibility

• Integrated smartcard reader for cards in ID-000 format
• Drivers for all popular 64-bit PCs, Macs and tablets with x86 architecture
• UEFI Secure Boot support
• Keyboard drivers for more than 90 languages and countries
• Multi-monitor support
• Connection by LAN, WLAN, UMTS, LTE incl. browser for login to hotspot
• Software in German and English (pre-configurable)

Data safe

• 1 GB, usable for storing documents (not for VS-NfD), (larger storage capacities on request)
• Hardware encryption with AES-256, secured by smartcard plus PIN
• Installation-free use as USB drive in Windows, Linux and macOS

Additional features

• Signing, encryption or Windows smartcard logon with PC/SC forwarding
• Forwarding of external USB and LAN devices, e.g. for the connection of an IP telephone
• Automatic reconnection after disconnection or connection change

Multi-factor authentication

• Software certificate, tied to stick’s hardware ID and smartcard
• Integrated numeric keypad for PIN entry on the stick

Security

• Write-protected and signed partitions for bootloader and kernel
• Encryption by hardware of all security-relevant partitions
• Signed read-only partition for firmware and applications
• Writeable partition for storage of user parameters
• Hardened ECOS Secure Linux operating system
• Digitally signed bootloader, firmware and applications validated in chain of trust
• All processes secured by smartcard, e.g. Easy Enrollment, sign-in to gateway, stick update
• Integrated firewall protecting against attacks over the same network and blocking ping requests
• Encryption of RAM content except for the executable program code
• VM start detection prevents use in virtual environment
• Fingerprinting of the guest computer incl. peripherals
• Instant logout on stick disconnection
• Secured updating process for firmware and applications with verification of integrity and correct update server

Connection, dimensions and scope of delivery

• USB-A | C | micro - 28 x 85 x 13 mm – 68 g
• ECOS SecureBootStick SX and carrying strap, 2 connection cables for USB A and C