DaDesktop

Security

Full Ownership and Control
Backup Systems and Failure Recovery
  1. Trainers and participants can opt to duplicate their entire desktop in real time using the remote replica feature.
  2. While working on experiments, you can turn on automatic snapshots of the desktop. If things go wrong, the system quickly restores the last working state.
  3. Servers are housed in multiple redundant datacentres, so if one location fails, another nearby can take over with minimal delay.
  4. The DaDesktop infrastructure spans several datacentres across the globe, including facilities in Hong Kong, all backed by strong physical and IT security protocols.
  5. DaDesktop relies on QEMU/KVM to spin up and manage virtual machines. Both QEMU and KVM are native components of the Linux operating system, which makes rolling out security patches fast and straightforward—there’s no dependency on third-party providers. QEMU/KVM consistently outperforms many commercial alternatives in both security and performance benchmarks.
Our Zero-Trust Approach
  1. Only NP Tech staff with pre-registered IP addresses can reach the NobleProg and DaDesktop environments. We use iptables firewall rules to block access to SSH and other ports except from those known IPs.
  2. Every system is guarded by both two-factor authentication (2FA) and a password. Even if someone somehow gets hold of a password, they still can’t get in because their IP won’t be whitelisted and they won’t have the one-time passcode.
  3. During a DaDesktop course, each desktop’s network is completely isolated—there’s no connection to other desktops or the public internet.
  4. All NobleProg staff must use multi-factor authentication (MFA) to log into any NobleProg or DaDesktop system. When an employee leaves, their access is revoked immediately to guard against unauthorised entry.
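
An added example, not DaDesktop's or NobleProg's own tooling: one way to check the known-IP restriction on SSH described in item 1 above, by auditing `iptables-save` output for INPUT rules that accept port 22 from outside an allowlist. The function names, addresses and rule sets are constructed for illustration, and the audit assumes IPv4 rules in the filter table.

```python
import ipaddress
import shlex

def covers_port(opts, port):
    """True if the rule's port match (or lack of one) includes `port`."""
    spec = opts.get("--dport") or opts.get("--dports")
    if spec is None:
        # No port match: covers all ports unless scoped by -i or a -m module.
        return "-i" not in opts and "-m" not in opts
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo or 0)
        if low <= port <= (int(hi or 65535) if sep else low):
            return True
    return False

def audit_ssh_allowlist(ruleset, allowed, port=22):
    """Findings for IPv4 INPUT rules that accept `port` beyond `allowed`."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    findings, policy = [], None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") != "ACCEPT" or not covers_port(opts, port):
            continue
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        # A negated match ("!") cannot be proven safe here, so flag it too.
        if "!" in tok or not any(src.version == n.version and src.subnet_of(n) for n in nets):
            findings.append(f"not confined to allowlist (source {src}): {line}")
    if policy != "DROP":
        findings.append(f"INPUT policy is {policy}, expected DROP")
    return findings

# Constructed sample data using documentation address ranges, not real rules.
ALLOWED = ["203.0.113.10", "198.51.100.0/28"]
GOOD = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT"""
BAD = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.50/32 -p tcp -m multiport --dports 22,443 -j ACCEPT
COMMIT"""
```

Calling `audit_ssh_allowlist(BAD, ALLOWED)` returns one finding per exposing rule plus one for the permissive default policy; an empty list means every rule that reaches port 22 is tied to an allowlisted source.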
Linux System Hardening
  1. Each DaDesktop server node is kept minimal by installing only the essential packages—we build and run a tailor-made, stripped-down Ubuntu version that cuts complexity and overhead. With fewer packages in play, there are naturally fewer potential security gaps and fewer services running at any moment. The typical install for a DaDesktop node is just 250 MB.
  2. Direct SSH access to the root account is completely switched off.
  3. The DaDesktop infrastructure runs on the latest stable release of Ubuntu Linux and handles updates and patches automatically. This dramatically lowers the risk of zero‑day exploits.
  4. We continuously scan our servers for known vulnerabilities.
  5. Any packages or files that aren’t needed are removed to reduce the attack surface.
  6. NobleProg has full access to every piece of source code in the project. If a vulnerability emerges and no official patch is available yet, our security team can apply a fix right away.
  7. Systems are kept up‑to‑date through automatic unattended upgrades.
  8. All outgoing connections from our servers to the dark web are monitored and can be automatically blocked if suspicious.
Around‑the‑Clock Monitoring
  1. NobleProg keeps a constant eye on all its servers, including the DaDesktop systems. Whenever something needs attention, alerts are generated and then followed up until they’re resolved. We also carry out regular reviews of past alerts and issues to stop the same problems from cropping up again.
  2. We track CPU, memory, and network activity on every DaDesktop server, trainer machine, and participant environment. On top of that, all DaDesktop nodes and the underlying system are monitored for any CVEs; if a flag appears, it’s checked straight away. Most security patches are applied automatically, but any exceptions that show up are patched manually, and other countermeasures can be taken if needed.
  3. Fresh Start machines used in courses are recorded automatically, which gives us a way to review any setup problems a trainer might encounter. Optionally, recordings can also be made of the trainer’s machine and the training room during a session. This feature is fully controllable through the UI and can be turned off if it isn’t needed.
  4. The DaDesktop OS templates are refreshed roughly every two weeks to include the latest security patches.