High Security through Strict Separation
The key to the vs-top’s high level of security is the strict separation between the internal compartments behind the working environments. This is because applications such as e-mail programs or browsers are sources of weakness. If, for example, an attacker or malicious software should manage to corrupt the browser, they must be stopped from accessing the working environment for confidential information or, even worse, from accessing your network via VPN. The strict separation in the vs-top is made possible by the L4 separation system, which runs in the background, unnoticed by the user.
Secure connection to classification level restricted networks
No Way through for Attackers or Malicious Software
The L4 separation system used on the high security vs-top creates strictly isolated compartments for each working environment: The browser, mail and office applications are locked in one compartment, the working environment for sensitive information in a second. In addition, the security systems for the VPN gateway and firewall are locked in a third compartment. Each compartment comes complete with its own operating system and is therefore fully independent of the others. This consequent separation means that attackers or malicious software cannot break out from one working environment into the next or into the security systems. The L4 system is programmed to minimize code size, even though it carries out key tasks on the vs-top: It consists of merely 38.000 lines of code. This low complexity prevents errors and is an important security feature. Through its use of internal separation, the vs-top provides a level of security that up till now could only be achieved with the use of additional hardware units. In addition, the complete hard drive of the vs-top has been reliably encrypted and the key saved on a smartcard. Even if the laptop is lost, no one will be able to access your data.
Central Management Station
The vs-top security components are centrally administered by the genucenter Management Station. This means that you are able to set up the configuration for all mobile users from a central location, modify it, and install updates at any time, ensuring consequent implementation of your security policy. Thus, very high level of mobile security can be achieved in practice.