Security

Ownership and Control
Fault Tolerance and Recovery
  1. Trainers and participants can opt to replicate an entire desktop in real time using the 'remote replica' feature.
  2. While experimenting, automatic snapshots can be turned on. Should a crash occur, the system can roll back to the last working state.
  3. Servers are hosted in redundant data centers, so if one center fails, another is available with minimal latency.
  4. DaDesktop runs across multiple data centers globally, supported by robust physical and IT security measures.
  5. DaDesktop relies on QEMU/KVM to spin up and manage virtual machines; both are integral parts of the Linux OS. Because QEMU and KVM are built-in Linux components, security patches can be deployed swiftly and easily — there's no dependency on third parties. QEMU/KVM boasts a strong security and performance track record, outperforming many commercial alternatives.
NobleProg’s Zero-Trust Approach
  1. Only NP Tech staff with pre-registered IP addresses are granted access to the NobleProg and DaDesktop systems we operate here in Italy. IP tables firewall rules secure SSH and other ports.
  2. Each system requires Two-Factor Authentication plus a password; an attacker who manages to obtain a password alone cannot log in — their IP won’t be whitelisted and they’ll lack the One-Time Password.
  3. During a DaDesktop course, every desktop network is completely isolated from others and from the public internet.
  4. All NobleProg employees use a multi-factor authentication (MFA) system to connect to NobleProg or DaDesktop; if a staff member departs, access is immediately revoked to prevent unauthorized entry.
Linux Hardening
  1. DaDesktop nodes run a minimized system by installing only essential packages — a custom, stripped-down Ubuntu version we build and maintain, cutting out unnecessary complexity and overhead. This reduces potential security flaws since fewer packages and services are running, keeping the attack surface small. Each node’s installed footprint typically sits around just 250MB.
  2. SSH access to the root account is disabled.
  3. The DaDesktop infrastructure uses the latest stable Ubuntu LTS as a foundation, with automatic upgrades and patches, lowering the risk of zero-day vulnerabilities.
  4. Servers are continuously scanned for known vulnerabilities.
  5. Any unused packages and files are stripped away.
  6. NobleProg has full access to every piece of source code in the project. If a vulnerability is found but no official patch exists yet, our security team can address it right away.
  7. Systems receive unattended upgrades automatically.
  8. All traffic from our servers to the dark web is monitored and can be automatically blocked.
Monitoring
  1. NobleProg keeps a constant eye on all its servers, including DaDesktop machines, generating alerts for any matters that need attention. Each alert is investigated and resolved, and we regularly review patterns to prevent repeat issues.
  2. We track CPU, memory, and network activity across all DaDesktop servers and both trainer and participant machines. Additionally, DaDesktop nodes and the core system are scanned for any CVEs, which appear as flags on our monitoring dashboard. Usually security fixes are applied automatically, but if anomalies are detected, they’re patched by hand and other mitigating steps are taken.
  3. Fresh Start machines on courses are automatically recorded, helping to verify any problems during course preparation. Optionally, sessions of the trainer’s machine and the Training Room can be recorded as well. This feature is fully adjustable via the UI and can be turned off when not needed.
  4. DaDesktop operating system templates are refreshed roughly every two weeks with the latest security patches.