Subscribe to our Release Newsletter
Sign up for our Release Newsletter and stay tuned for the latest product releases, webinars, events, and trends in the IT security industry.
Subscribe now >
Version 7 | Version 8
Version 8 of the ECOS products SBS, SMA, SOS, ACA and TMA replaces the previous version 7. In the VS-NfD-approved area, version 8 of SBS and SMA follows on from the expiring approval of version 7. Version 8 was approved by the BSI for VS-NfD with a time limit of 31.05.2028.
Version 8 enables the differentiation of different security zones for connection targets in the network. This allows targets that are reached via a secure network to be separated from targets on the public internet. This makes it possible, for example, for authorities to use the approved SBS to participate in video conferences that are not operated within the secure official network as part of international cooperation with other European authorities. In the private sector environment, the security zones can be used as required in accordance with the requirements of the established confidentiality levels.
For the VS-NfD-approved area, version 8 requires that the Probabilistic Signature Scheme (PSS) padding method is used when using signatures with RSA keys. Older padding methods (PKCS#1 v1.5) are therefore no longer permitted. Signatures with RSA keys are used, for example, for certificate-based authentication at a VPN gateway. As a result, PSS support must be ensured on the VPN gateways used by the operating organization before version 8 is rolled out in the organization. Otherwise, SBSs in the field will no longer be able to establish a VPN connection to the operator network.
PKCS#1v1.5 padding can still be used outside the authorized area. However, we recommend switching to PSS padding here too.
For the random number generator (RNG) used on the SBS and the SMA, conformity with the DRG.3 classification is required for VS-NfD. For the Linux operating system used, the RNG must be seeded from a reliable source from Linux kernel 5.18 onwards. The SBS meets the requirement with the integrated smartcard and can therefore easily use the latest kernels. The SMA is currently using kernel 5.15, which, according to current information, will be supplied with security updates until October 2026. At the beginning of 2026, ECOS plans to use newer kernels on the part of the SMA before kernel 5.15 reaches EOL (End Of Life). To ensure DRG.3 compliance, the SMA includes a security check in the VS-NfD version that enforces the seeding of the RNG in conjunction with kernels from 5.18 onwards. The provision of a suitable hardware security anchor by the operator must therefore be planned in good time. In the standard case, a smartcard with CardOS 5.4 is used for this purpose.
The version marked "+vsnfd" contains only the VPN clients and applications approved for VS-NfD in order to meet the increased security requirements associated with VS-NfD approval. "+vsnfd" versions must be used in the VS-NfD environment.
Outside the VS-NfD environment, versions without the build tag ensure comprehensive interoperability with existing IT infrastructures that may not be VS-NfD-compliant (e.g. SSL VPN gateways).
Version 7.60.0 introduced support for IPv6-based transport networks between the SBS and VPN gateways. If IPv6 is supported in your environment and you also update your SMA to version 7.60.0, you can use IPv6 addressing immediately after the update.
The network services of the SBS have been updated with the necessary system maintenance. This means that the Intel XMM7360 and 7560 LTE modems cannot be used in version 7.60.0. With some WLAN chipsets, the automatic connection setup does not work after the computer is started. In this case, users must start the connection manually.
Version 7.61.0 no longer supports the previous RDP client in version 2.2.0.
Further information can be found in our release notes in the section Notes on versioning.
The update can now be obtained from our update server via the appliance or the Secure Boot Stick. If the systems do not receive automatic updates, you can install the update via the administration interfaceunder ECOS Appliance → Actions → Update or via the SBS desktop under Start menu → System Update → Software.
If a local update server is set up on the appliance, the updates can be downloaded from the URL specified in the respective changelog and installed on the appliance. Manual downloads can only be carried out in conjunction with a locally set up update server. You need a valid download password for the download. If you have not yet received a download password, please contact our support.
You can also find more information about updates in our admin tutorial Software updates for ECOS appliances and the ECOS SecureBootStick.