DaDesktop

Security

Ownership and Control
Redundancy and Failure recovery
  1. Trainers and participants have the option to replicate their entire desktop in real time using the 'remote replica' feature.
  2. During hands-on experimentation, you can enable automatic snapshots of the desktop. If a crash occurs, the system can revert to the most recent working state.
  3. Servers are hosted across redundant data centres, so if one facility experiences an outage, another geographically close centre takes over with minimal latency.
  4. The DaDesktop infrastructure spans multiple data centres around the world, each backed by rigorous physical and IT security measures.
  5. DaDesktop relies on QEMU/KVM to provision and operate virtual machines; these components are integral to the Linux operating system. Because QEMU and KVM are native to the Linux kernel, applying security patches is both swift and straightforward, with no third-party dependencies to worry about. QEMU/KVM boasts a stellar security and performance track record that outperforms many commercial alternatives.
A zero-trust policy is implemented at NobleProg
  1. Only NP Tech personnel with pre-registered IP addresses are permitted to access our NobleProg and DaDesktop environments. iptables firewall rules restrict SSH and other port access accordingly.
  2. Every system is safeguarded with two-factor authentication and a password; an attacker who acquires only the password cannot gain entry because their IP is not whitelisted and they lack the one-time password.
  3. During a DaDesktop course, each desktop network is fully isolated from other desktops and from public access.
  4. All NobleProg employees use multi-factor authentication (MFA) to log into NobleProg or DaDesktop systems. Access is revoked immediately upon a staff member's departure to prevent unauthorised entry.
Linux Hardening
  1. DaDesktop server nodes run a minimal, custom-built Ubuntu variant where only essential packages are installed, reducing complexity and overhead. This lean setup means fewer security vulnerabilities, as there are fewer packages to run and fewer active services at any given moment. The typical installation footprint for a DaDesktop node is just 250MB.
  2. SSH access to the root account is disabled.
  3. The DaDesktop infrastructure is built on the latest stable release of Ubuntu Linux, which is automatically upgraded and patched to mitigate the risk of zero-day vulnerabilities.
  4. Servers are continuously scanned for known vulnerabilities.
  5. Any unused packages and files are removed.
  6. NobleProg has full access to the entire source code. If a vulnerability is discovered and no official patch exists, our security team can apply a fix immediately.
  7. All systems are configured for automatic unattended upgrades.
  8. All outbound connections from our servers to the dark web are monitored and can be blocked automatically.
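A way to check three of the controls listed above on a single host: SSH reachable only from pre-registered addresses, root SSH login disabled, and unattended upgrades enabled. This is an added example, not NobleProg's or DaDesktop's own tooling. It assumes stock OpenSSH, APT and iptables-save syntax; the sample inputs and the allowlist range are constructed.

```python
import ipaddress
import re

# Constructed sample inputs; none of this comes from a DaDesktop node.
SSHD_CONFIG = "Port 22\n#PermitRootLogin yes\nPermitRootLogin no\n"
APT_PERIODIC = 'APT::Periodic::Unattended-Upgrade "1";\n'
IPTABLES_SAVE = """*filter
:INPUT DROP [0:0]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
ALLOWLIST = ["203.0.113.0/28"]  # hypothetical pre-registered admin range

def root_ssh_disabled(cfg):
    """True only if the first uncommented PermitRootLogin is 'no'.
    A missing keyword fails: the OpenSSH default still allows key-based
    root login. Match blocks are not evaluated."""
    for line in cfg.splitlines():
        m = re.match(r'\s*PermitRootLogin[\s=]+"?(\S+?)"?\s*$', line, re.I)
        if m:
            return m.group(1).lower() == "no"
    return False

def unattended_upgrades_enabled(apt_conf):
    """True if APT::Periodic::Unattended-Upgrade is a non-zero interval."""
    m = re.search(r'^\s*APT::Periodic::Unattended-Upgrade\s+"(\d+)"\s*;',
                  apt_conf, re.M)
    return bool(m) and int(m.group(1)) > 0

def ssh_rules_outside_allowlist(rules, allowlist):
    """Return INPUT ACCEPT rules for --dport 22 whose source is absent,
    negated, or not contained in the allowlist (multiport not handled)."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    bad = []
    for line in rules.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"] or "ACCEPT" not in tok or "--dport" not in tok:
            continue
        if tok[tok.index("--dport") + 1] != "22":
            continue
        src = tok[tok.index("-s") + 1] if "-s" in tok and "!" not in tok else None
        if src is None or not any(
                ipaddress.ip_network(src, strict=False).subnet_of(n) for n in nets):
            bad.append(line)
    return bad

if __name__ == "__main__":
    print("root SSH disabled:", root_ssh_disabled(SSHD_CONFIG))
    print("unattended upgrades:", unattended_upgrades_enabled(APT_PERIODIC))
    print("SSH rules outside allowlist:", ssh_rules_outside_allowlist(IPTABLES_SAVE, ALLOWLIST))
```

On a real host the three strings would come from /etc/ssh/sshd_config, the files under /etc/apt/apt.conf.d/ and the output of iptables-save.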
Monitoring
  1. NobleProg keeps a watchful eye on all its servers, including DaDesktop instances, generating alerts for any matters that require attention. These alerts are promptly investigated and resolved. Regular reviews of past alerts and issues help us address root causes and prevent recurrence.
  2. We track CPU, memory, and network activity across all DaDesktop servers and both trainer and participant machines. Moreover, DaDesktop nodes and the underlying platform are continuously watched for relevant CVEs; any matches trigger an alert for inspection. While security updates are typically applied automatically, any exceptions that surface are patched manually, and other mitigating actions may be implemented as needed.
  3. During course preparation, the platform automatically records the Fresh Start machines, allowing trainers to verify the setup. Optionally, recordings of the trainer's machine and the training room can be captured while the course is in session. This functionality is fully manageable through the UI and can be disabled when not needed.
  4. DaDesktop OS templates are typically refreshed every two weeks with the latest security patches.