Security

Ownership and Control
Redundancy and Failure recovery
  1. Trainers and participants can choose to replicate their entire desktop in real time via the 'remote replica' option.
  2. During hands-on experimentation, automatic snapshots of a desktop can be turned on. If a crash occurs, the system restores the last functional state.
  3. Servers are housed in redundant data centers; should one facility fail, another low-latency alternative takes over immediately.
  4. The DaDesktop infrastructure leverages a global network of data centers, including in Mexico, all adhering to strict physical and IT security standards.
  5. DaDesktop utilizes QEMU/KVM to create and run virtual machines, both native components of the Linux operating system. Because they are built into the Linux OS, security patches can be deployed quickly and effortlessly, with no reliance on third parties. QEMU/KVM boasts an outstanding security and performance record, outpacing many commercial alternatives.
At NobleProg, a zero-trust policy is implemented
  1. Access to NobleProg and DaDesktop systems is granted exclusively to NP Tech staff whose IP addresses have been pre-registered. Firewall rules via iptables block SSH and other ports accordingly.
  2. Each system is protected by both two-factor authentication and a password; thus, even if a malicious actor obtains the password, they cannot gain entry because their IP is not whitelisted and they lack the one-time password.
  3. During a DaDesktop course, every desktop's network is isolated from other desktops and from public access.
  4. All NobleProg personnel use multi-factor authentication to log into NobleProg or DaDesktop platforms. Access is immediately revoked when an employee departs, safeguarding against unauthorized entry.
Linux Hardening
  1. DaDesktop server nodes run a custom, minimal version of Ubuntu, installing only essential packages to reduce complexity and overhead. This lean footprint minimizes security holes, as fewer packages and services are active at any given time. The typical installation size per node is just 250MB.
  2. SSH access to the 'root' account is disabled.
  3. The infrastructure operates on the latest stable Ubuntu Linux, with automatic updates and patches applied, lowering the risk of zero-day vulnerabilities.
  4. Servers are continuously scanned for known vulnerabilities.
  5. Unused packages and files are purged.
  6. NobleProg has full access to the project's source code. If a vulnerability is found and no patch is yet available, our security team can create and deploy a fix immediately.
  7. Systems are kept updated automatically via unattended upgrades.
  8. All outgoing connections from our servers to the dark web are monitored and can be blocked automatically.
Monitoring
  1. NobleProg monitors all servers, including DaDesktop nodes, and generates alerts for any issues that need attention. Alerts are promptly followed up and resolved, with regular reviews conducted to ensure thorough remediation and prevent recurrence.
  2. We continuously monitor all DaDesktop servers and trainer/participant machines for CPU, memory, and network activity, among other metrics. Additionally, DaDesktop nodes and the core system are watched for CVEs, which trigger flags for inspection. While security patches are normally applied automatically, any exceptions are patched manually, and other mitigating measures may be taken.
  3. Fresh Start machines on courses are automatically recorded, enabling checks for issues during trainer preparation. Recordings of the trainer's machine and the training room may also be optionally captured during a session, with full UI control to disable the feature if it is not required.
  4. DaDesktop OS templates are refreshed roughly every two weeks, incorporating the latest security updates.