
Highly secure home office
BSI-approved for EU-/NATO RESTRICTED
The ECOS SecureBootStick SX provides highly secure remote-access to a terminal server or virtual desktop infrastructure as well as to web applications in a secure and encapsulated environment.
How the Secure Boot Stick SX works
When connected to a USB port, the PC or Mac boots the specially hardened ECOS Secure Linux operating system on the stick.
The internal hard drive stays disconnected, so potential malware on the computer cannot be activated at all. This ensures a 100% separation between professional and private use of the PC.
The boot stick provides all required firmware and applications. This allows the use of private or third-party devices, with BSI approval.
More products of the Secure Boot Stick family:
Secure Boot Stick FX
Hardened ECOS Secure Linux OS
All software on one stick
2-factor authentication w/
software certificates
Integrated firewall
Central management
Hardware-encrypted security
2-factor authentication w/
hardware anchor
Multi-factor authentication w/
smartcard
Keypad for PIN entry
Data safe for encrypted file storage
Secure Boot Stick GX
Hardened ECOS Secure Linux OS
All software on one stick
2-factor authentication w/
software certificates
Integrated firewall
Central management
Hardware-encrypted security
2-factor authentication w/
hardware anchor
Multi-factor authentication w/
integrated smartcard
Keypad for PIN entry
Data safe for encrypted file storage
Authentication w/ PKI/ID-1 cards
Secure Boot Stick ZX
BSI-approved for VS-NfD
EU and NATO RESTRICTED
Highly secure VS-NfD access w/
genua genuscreen
Sealed stick environment
Extra hardened ECOS Secure Linux
Multi-factor authentication w/
smartcard
Keypad for PIN entry
Central management and remote
updating
Multi-factor authentication via card
slot for PKI and ID-1 service cards
Compatible with Bundeswehr
military card
Technichal data of the Secure Boot Stick SX
BSI approval
- Approved for processing data with classification level VS-NfD, NATO RESTRICTED, EU RESTRICTED
Applications
- RDP Client, Citrix Workspace app (formerly Citrix Receiver), VMware Horizon via RDP, PCoIP, BLAST, Firefox, Chromium, VPN Client for IPsec
- Citrix HDX RealTime Media Engine to optimize audio and video transmission for Skype for Business and Microsoft Teams
- Microsoft RemoteFX for optimizing the audio quality with RDP
Supported destination systems
- Microsoft RDSH, WTS 2000 and later, RDS, RD sharing, Citrix Virtual Apps & Desktops, VMware Horizon or web server
VPN
- Connection to genua genuscreen by IPsec within a BSI-approved environment
Administration
- Profiles for access to different applications/servers on user, group or role level
- Use of local resources after release (external USB storage devices, local printers)
- Rights assignment for external devices bound to manufacturer ID or serial number of the device
- Remote update of all applications and firmware
Compatibility
- Integrated smartcard reader for cards in ID-000 format
- Drivers for all popular 64-bit PCs, Macs and tablets with x86 architecture
- UEFI Secure Boot support
- Keyboard drivers for more than 90 languages and countries
- Multi-monitor support
- Connection by LAN, WLAN, UMTS, LTE incl. browser for login to hotspot
- Software in German and English (pre-configurable)
Data safe
- 1 GB, usable for storing documents (not for VS-NfD), (larger storage capacities on request)
- Hardware encryption with AES-256, secured by smartcard plus PIN
- Installation-free use as USB drive in Windows, Linux and macOS
Additional features
- Signing, encryption or Windows smartcard logon with PC/SC forwarding
- Forwarding of external USB and LAN devices, e.g. for the connection of an IP telephone
- Automatic reconnection after disconnection or connection change
Multi-factor authentication
- Software certificate, tied to stick’s hardware ID and smartcard
- Integrated numeric keypad for PIN entry on the stick
Security
- Write-protected and signed partitions for bootloader and kernel
- Encryption by hardware of all security-relevant partitions
- Signed read-only partition for firmware and applications
- Writeable partition for storage of user parameters
- Hardened ECOS Secure Linux operating system
- Digitally signed bootloader, firmware and applications validated in chain of trust
- All processes secured by smartcard, e.g. Easy Enrollment, sign-in to gateway, stick update
- Integrated firewall protecting against attacks over the same network and blocking ping requests
- Encryption of RAM content except for the executable program code
- VM start detection prevents use in virtual environment
- Fingerprinting of the guest computer incl. peripherals
- Instant logout on stick disconnection
- Secured updating process for firmware and applications with verification of integrity and correct update server
Connection, dimensions and scope of delivery
- USB-A | C | micro - 28 x 85 x 13 mm – 68 g
- ECOS SecureBootStick SX and carrying strap, 2 connection cables for USB A and C