At Viking, we are dedicated to protecting our users to the greatest extent possible. We have adopted long held standards for security, and then gone above and beyond that mark and used the best techniques known to the industry.
Beyond checklists and penetration tests, we have implemented policies that minimize our attack surface and harden our systems against 0-day attacks and other unknown threats.
One of the measures we have taken since day 1 is avoiding the use of virtual machines. We have always opted for bare-metal servers and avoided Virtual Private Servers and Clouds to increase performance and decrease our attack surface. We have also opted to keep our systems as simple as possible, avoiding adding layers of complexity by using additional software or weakening infrastructure to make the network easier to manage.
This concept has paid off for us multiple times in the past by keeping us immune to FREAK, Ghost, CCS Injection, and minimized our exposure to Shellshock. Today, our security focus pays off again in the form of VENOM.
Venom is a vulnerability in a virtual floppy driver that is present in almost all implementations of the Xen OS. It is widespread and allows a "neighbor" to attack confidential data that resides on the same physical computer outside of the virtual machine.
Our commitment to staying bare-metal for our VPN network has allowed us to completely sidestep this serious bug.