Security

Proprietary Control and Ownership

• DaDesktop was created by NobleProg Tech and is entirely managed and enhanced internally – all problems are handled by our in-house team of security operations, developers, and DevOps professionals. Only NP Tech personnel can access the core DaDesktop system.
• NobleProg holds full rights to access, utilise, and alter every piece of source code.

Redundancy and Disaster Recovery

1. Trainers and learners can opt to mirror an entire desktop in real time through the remote replica feature.
2. While working hands-on, automatic snapshots of a desktop may be turned on. Should a crash occur, the system can revert to the last functional state.
3. Servers are kept in multiple redundant data centres; if one centre goes down, another is available with minimal latency.
4. The DaDesktop infrastructure spans several data centres globally, all protected by rigorous physical and digital security measures.
5. DaDesktop leverages QEMU/KVM to spin up and manage virtual machines – both are native components of the Linux OS. Because QEMU and KVM are integrated into Linux, security patches can be applied swiftly and easily without depending on any third party. QEMU/KVM boasts an outstanding track record for security and performance, surpassing many commercial alternatives.

NobleProg Enforces a Zero-Trust Policy

1. Access to NobleProg and DaDesktop systems is granted only to NP Tech personnel whose IP addresses have been preregistered. IP tables firewall rules block SSH and other ports from unauthorised connections.
2. Every system is shielded by both a password and two-factor authentication: even if an attacker steals a password, they cannot gain entry because their IP is not on the approved list and they lack the one-time password.
3. During a DaDesktop course, each desktop’s network is completely isolated from other desktops and from public Internet access.
4. All NobleProg staff use multi-factor authentication to log into NobleProg or DaDesktop platforms; access privileges are revoked instantly upon an employee’s departure to prevent unauthorised entry.

System Hardening on Linux

1. DaDesktop server nodes are kept lean by installing only essential packages on a custom, stripped-down build of Ubuntu that we maintain. This approach minimises complexity and overhead, which translates into fewer security flaws since fewer packages and services are running at any given moment. Each DaDesktop node typically has a base footprint of just 250 MB.
2. Direct root login via SSH is turned off.
3. The DaDesktop infrastructure is built on the latest stable release of Ubuntu Linux and is set to upgrade and patch itself automatically, lowering the likelihood of zero-day exploits.
4. Servers are continuously scanned for known security issues.
5. Any packages or files that aren’t in use are stripped out.
6. NobleProg has full access to all project source code. If a vulnerability is detected but no official patch exists, our security team can apply a fix right away.
7. Unattended upgrades keep systems up to date without manual intervention.
8. All outbound traffic to the dark web is watched and can be blocked automatically.

Continuous Surveillance and Oversight

1. All NobleProg servers—including those running DaDesktop—are under constant watch, and alerts fire whenever an issue demands attention. These alerts are promptly investigated and resolved. We routinely review past alerts and incidents to make certain each root cause is addressed, preventing recurrence.
2. Every DaDesktop server and each trainer/participant machine is tracked for CPU, memory, and network usage. In addition, DaDesktop nodes and the overall platform are scanned for CVEs, which trigger flags on our monitoring dashboard for inspection. Security updates are generally applied automatically, but any exceptions caught during this process are dealt with manually, and other countermeasures are employed as needed.
3. Fresh Start course machines are automatically recorded, allowing trainers to verify that everything is set up correctly before a course. Optionally, the trainer’s own machine and the training room can be recorded during the session—all fully controllable through the user interface and easily disabled if not required.
4. DaDesktop OS templates are refreshed roughly every two weeks, incorporating the very latest security patches.