DaDesktop

Security

Ownership and Control
Redundancy and Failure Recovery
  1. Trainers and participants can replicate the entire desktop in real time using the 'remote replica' option.
  2. For experimentation, you can enable automatic snapshots of a desktop. Should a crash occur, the system can restore the last functional version.
  3. Servers are hosted in redundant data centres in Germany, so if one fails, another with low-latency proximity is immediately available.
  4. The DaDesktop infrastructure spans multiple data centres around the globe, all protected by robust physical and IT security measures.
  5. DaDesktop leverages QEMU/KVM to create and manage virtual machines. Because QEMU and KVM are integral components of the Linux operating system, rolling out security updates is both simple and fast—there’s no dependency on third parties. QEMU/KVM boasts a stellar security and performance track record, outperforming many commercial alternatives.
NobleProg Implements a Zero-Trust Policy
  1. Only NP Tech staff with pre-registered IP addresses are permitted access to our NobleProg and DaDesktop systems. We use iptables firewall rules to block SSH and other port access.
  2. Every system is secured with two-factor authentication and a password. So even if an attacker obtains the password, they still cannot gain entry because their IP isn’t whitelisted and they lack the one-time password.
  3. During a DaDesktop course, each desktop’s network is isolated from others and from public access.
  4. Here at NobleProg Germany, all staff use multi-factor authentication (MFA) to log in to NobleProg or DaDesktop systems. Access is immediately revoked if an employee departs, protecting against unauthorised entry.
Linux Hardening
  1. The DaDesktop server nodes run a minimal, custom-cut version of Ubuntu that includes only essential packages, slashing complexity and overhead. This lean approach reduces the attack surface: fewer packages mean fewer services running at once and consequently fewer potential security holes. Each node typically has an installed footprint of just 250 MB.
  2. SSH access for the 'root' account is disabled.
  3. The DaDesktop infrastructure is built on the latest stable Ubuntu Linux release and is automatically upgraded and patched, helping to minimise the risk of zero-day vulnerabilities.
  4. Servers are continually scanned for known vulnerabilities.
  5. Unused packages and files are purged.
  6. NobleProg holds access to all project source code. If a vulnerability is found and no patch exists yet, our security team can implement a fix straight away.
  7. Automatic updates (unattended-upgrades) are enabled across all systems.
  8. All connections from our servers to the dark web are monitored and can be automatically blocked.
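
The audit sketch below is an added example, not NobleProg's or DaDesktop's own tooling: it checks two of the hardening items listed above (root SSH login disabled, unattended-upgrades enabled) against constructed config text. The function names and sample files are assumptions, and the parser only handles whitespace-separated directives; on a live host, `sshd -T` reports the effective SSH settings.

```shell
#!/bin/sh
# Added example: audits constructed config text, not real DaDesktop files.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT

# Constructed sample: root login is only disabled inside a Match block.
cat > "$tmp/sshd_weak" <<'EOF'
# PermitRootLogin no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
# Constructed samples: a duplicated keyword, and apt periodic settings.
printf 'PermitRootLogin no\nPermitRootLogin yes\n' > "$tmp/sshd_good"
printf 'APT::Periodic::Unattended-Upgrade "0";\n' > "$tmp/apt_weak"
printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "1";\n' > "$tmp/apt_good"

# Print the global PermitRootLogin value. sshd keeps the first value it reads
# for a keyword, and lines after a Match line are conditional, so stop there.
# Unset means the OpenSSH default, prohibit-password (root can still use keys).
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "prohibit-password" }' "$1"
}

# Succeed only if APT::Periodic::Unattended-Upgrade ends up non-zero.
unattended_upgrades_enabled() {
    awk '$1 == "APT::Periodic::Unattended-Upgrade" { gsub(/[";]/, "", $2); v = $2 }
         END { exit !(v + 0 > 0) }' "$1"
}

# $1 = sshd_config path, $2 = apt periodic config path; returns 1 on any FAIL.
audit_node() {
    rc=0
    setting=$(root_login_setting "$1")
    if [ "$setting" = "no" ]; then echo "PASS root SSH login disabled"
    else echo "FAIL PermitRootLogin is effectively '$setting'"; rc=1; fi
    if unattended_upgrades_enabled "$2"; then echo "PASS unattended-upgrades enabled"
    else echo "FAIL unattended-upgrades not enabled"; rc=1; fi
    return $rc
}

audit_node "$tmp/sshd_good" "$tmp/apt_good"
audit_node "$tmp/sshd_weak" "$tmp/apt_weak" || echo "node needs attention"
```

The weak sample fails the SSH check because a `PermitRootLogin no` that appears only under `Match` does not change the global setting.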
Monitoring
  1. NobleProg keeps a watchful eye on all its servers, including those for DaDesktop, and triggers alerts for any issue requiring attention. Each alert is investigated and resolved. We conduct regular reviews of alerts and issues to ensure thorough fixes that prevent recurrence.
  2. We track CPU, memory, and network activity across all DaDesktop servers and trainer/participant machines. Additionally, DaDesktop nodes and the core system are watched for any CVEs that raise a flag in our monitoring platform for review. Security updates are normally applied automatically, but if an exception is detected, we patch it manually or take other mitigating steps.
  3. Recordings of the Fresh Start machines are automatically captured during courses, aiding trainers in diagnosing issues during preparation. Recording the trainer’s machine and the training room during a course is optional. You have full control in the UI and can disable these recordings if they’re not needed.
  4. DaDesktop OS templates are refreshed roughly every two weeks, incorporating the most recent security patches.