DaDesktop

Security

Ownership and Control
Redundancy and Failure Recovery
  1. Both trainers and participants can opt to replicate their entire desktop in real time using the 'remote replica' feature.
  2. For hands-on labs, automatic snapshots can be activated, allowing the system to recover the last stable state in the event of a crash.
  3. We run servers in redundant data centres, so if one fails, another remains accessible with minimal latency.
  4. DaDesktop’s infrastructure spans multiple data centres around the globe, backed by thorough physical and digital security measures.
  5. DaDesktop relies on QEMU/KVM to spawn and operate virtual machines. Since QEMU and KVM are integral parts of the Linux kernel, rolling out security patches is both effortless and rapid—there’s no dependency on external vendors. QEMU/KVM boasts a stellar security and performance track record, outperforming many commercial alternatives.
NobleProg enforces a strict zero-trust policy
  1. Only NP Tech staff with pre-approved IP addresses can reach the NobleProg and DaDesktop environments. Firewall rules in iptables block unauthorized access to SSH and other ports.
  2. All systems are secured with two-factor authentication alongside a password. An attacker armed only with a password cannot log in because their IP won’t be whitelisted and they won’t possess the one-time code.
  3. During DaDesktop courses, every desktop network is kept separate from others and isolated from public networks.
  4. All NobleProg employees use multi-factor authentication to access NobleProg and DaDesktop. As soon as a staff member departs, their access is revoked instantly to guard against unauthorized entry.
Linux Hardening
  1. DaDesktop server nodes run a lean, custom Ubuntu build—we install only essential packages to cut complexity and resource usage. This reduces the attack surface since there are fewer packages and services active at any given time; a typical node has a footprint of just 250MB.
  2. SSH access to the root account is disabled.
  3. DaDesktop runs on the latest stable Ubuntu Linux, with automatic updates and patches applied, minimizing the chance of zero-day exploits.
  4. We continuously monitor servers for known vulnerabilities.
  5. Any unnecessary packages and files are stripped away.
  6. NobleProg has full access to all source code. If a vulnerability surfaces without an official fix, our security team can develop and apply a patch straight away.
  7. Automatic unattended upgrades keep systems current.
  8. We monitor and can automatically block any connections from our servers to the dark web.
Monitoring
  1. NobleProg keeps a watchful eye on all servers, including those running DaDesktop, generating alerts for anything needing attention. These alerts are promptly investigated and resolved. We routinely review incidents to make sure root causes are addressed so problems don’t recur.
  2. All DaDesktop servers and both trainer and participant machines are tracked for CPU, memory, and network usage—among other metrics. We also scan nodes and the DaDesktop system for CVEs that trigger flags in our monitoring; normally fixes are rolled out automatically, but when exceptions arise we patch manually or apply other countermeasures.
  3. For Fresh Start machines used during courses, recordings are captured by default to help troubleshoot issues when trainers set up. Optionally, recordings can be made of the trainer’s machine and the training room itself; this is fully configurable via the UI and can be turned off at any time.
  4. DaDesktop OS templates are refreshed roughly every two weeks, incorporating the latest security patches.