We have implemented a new security measure that we call Blind Operator 2.0, a method to disable remote and local access to our servers. This makes it hard for anyone, including our employees, to modify, or to tap the traffic on our servers. In this blog post, we will take a closer look at Blind Operator 2.0 and how it enhances the security of AzireVPN's servers.
Blind Operator 2.0 works by disabling both SSH and console access on our servers. This means that even if an attacker gains physical access to the server, they cannot use either of these methods to extract sensitive data. To accomplish this, we eliminated GeTTY, the Unix-based system program that permits users to access the command-line interface, as well as sshd, a daemon utilised for remote access to computers and servers.
Since more than five years back we are booting our servers into RAM from PXE (Preboot Execution Environment), which allows us to remove hard drives. This approach ensures that no permanent storage exists on the servers, thereby preventing data storage or logging. By adopting this method, we fortifies the security of our servers, guaranteeing the privacy and security of user data. As a result, AzireVPN maintains its status as a genuine non-logging VPN, offering continuous protection of user privacy.
Blind Operator 2.0 and the other security measures implemented by AzireVPN demonstrate our commitment to providing the highest level of security to our customers. In a world where cyber threats are becoming increasingly prevalent, it is essential to use a VPN provider that takes security seriously. By implementing Blind Operator 2.0 and other security measures, AzireVPN is setting a new standard for VPN security and giving our customers the peace of mind they need to browse the internet safely and securely.
In summary, we can affirm that all AzireVPN servers comply to the following:
- No logging
- No hard drives or permanent storage
- Operating system booted from PXE into RAM
- No local access (Console, Serial, etc.)
- No remote access (SSH)
- Magic SysRq keyboard shortcut disabled