Security

DaDesktop is written by NobleProg Tech and maintained and developed fully in-house – any issues are dealt with by our own specialist team of Security Ops, Devs and DevOps staff. Only NP Tech staff have access to the underlying DaDesktop system.
NobleProg has access and rights to use and modify all source code.

Trainers and users can choose to replicate the entire desktop in real time using the 'remote replica' option.
When experimenting, automatic snapshots of a desktop can be enabled. If a crash occurs, the system can restore the last working version.
Servers are maintained in redundant datacentres, so if one datacentre fails, another is available at low latency distance.
DaDesktop infrastructure uses a number of datacentres located worldwide, with comprehensive physical and IT security policies in place.
DaDesktop uses QEMU/KVM to create and run virtual machines; both QEMU and KVM are part of the Linux operating system. Because QEMU and KVM are built-in components of the Linux OS, security updates are very easy and quick to deploy, with no third-party reliance to worry about. QEMU/KVM has an excellent security and performance record, beating those of commercial solutions.

Only NP Tech staff with pre-registered IP addresses are permitted to access the NobleProg and DaDesktop systems. IP tables firewall rules restrict access for SSH and other ports.
Each system is protected by two-factor authentication and a password; even if an attacker obtains the password, they cannot access the system because their IP is not whitelisted and they lack the one-time password.
During a DaDesktop course, each desktop network is isolated from other desktops and public access.
All NobleProg staff use a multi-factor authentication (MFA) system to log in to NobleProg or DaDesktop systems; access is immediately revoked if a staff member leaves, to protect against unauthorised access.

The DaDesktop server (node) system is minimised by installing only the necessary packages on a custom, stripped-down version of Ubuntu that we create and maintain, reducing added complexity and overhead. This, in turn, means fewer security holes because fewer packages need to run, and thus fewer services are running at any one time. The installed base is normally only 250MB for each DaDesktop server node.
Access to the 'root' account is disabled in ssh.
The DaDesktop infrastructure uses the newest stable version of Ubuntu Linux as its base and is automatically upgraded and patched automatically, therefore reducing the risk of a zero-day vulnerability.
Servers are monitored for known vulnerabilities.
Unused packages and files are removed.
NobleProg has access to all source code used in the project. If a vulnerability is discovered and a patch is not yet available, NobleProg's security team can patch it immediately.
Systems are automatically updated (unattended-upgrades).
All connections from our servers to the dark web are monitored and can be automatically blocked.

NobleProg monitors all its servers, including DaDesktop servers, and generates alerts for any issues that need attention. Alerts are followed up and resolved. We regularly review alerts and issues to ensure each one is fully addressed and to prevent recurrence.
We monitor all DaDesktop servers and trainer/participant machines for CPU, memory, and network activity, among other metrics. All DaDesktop nodes and the underlying system are also monitored for any CVE's that trigger a flag in the monitoring system for review. Security updates are typically applied automatically, but if any exceptions are detected, they are patched manually or other mitigating steps are taken.
Recordings are automatically made of the Fresh Start machines on courses; these can be used to check for any issues when a Trainer prepares a course. Recordings of the Trainer machine and Training Room can optionally be made during a course. This is fully controllable via the UI and can be turned off if not needed.
DaDesktop Operating System Templates are typically updated every couple of weeks with the latest security updates.