DaDesktop is developed entirely in-house by NobleProg Tech, with maintenance and development handled internally. Any issues that arise are managed by a dedicated team of Security Ops, Devs, and DevOps specialists. Access to the core DaDesktop system is restricted solely to NP Tech personnel.
NobleProg holds full access and the right to both use and alter all source code
Redundancy and Failure recovery
Both trainers and participants can opt to replicate the entire desktop in real time using the 'remote replica' option
When running experiments, automatic snapshots of a desktop can be turned on. Should a crash happen, the system can restore the most recent working version
Servers are housed in redundant data centres, so if one centre fails, another is accessible with low latency
DaDesktop infrastructure relies on multiple data centres situated across Brazil, all governed by strict physical and IT security measures
DaDesktop utilises QEMU/KVM to spin up and manage virtual machines; both are integral components of the Linux operating system. Because QEMU and KVM are built into Linux, security patches can be rolled out quickly and effortlessly—no reliance on third parties to worry about. QEMU/KVM boasts an outstanding track record for security and performance, outperforming commercial alternatives
NobleProg enforces a zero-trust policy
Access to NobleProg and DaDesktop is granted exclusively to NP Tech staff whose IP addresses have been pre-registered. We use IP tables firewall rules to block SSH and other port access.
Every system is secured with both a password and Two-Factor Authentication. So even if an attacker gets hold of the password, they still cannot get in because their IP isn't whitelisted and they lack the one-time password.
During a course, each desktop network is kept separate from others and from public access
All NobleProg staff sign in using multi-factor authentication (MFA). When an employee leaves, their access is revoked straight away to prevent any unauthorised entry.
Linux Hardening
We keep DaDesktop servers (nodes) lean by only installing essential packages on a custom, minimal Ubuntu build that we create and maintain. This approach reduces complexity and overhead, which in turn cuts down security vulnerabilities because there are fewer packages to run and therefore fewer active services. The typical install footprint is just 250MB per node.
Root account access is turned off for SSH
The infrastructure runs on the latest stable Ubuntu release, with automatic updates and patches applied to minimise the chance of zero-day exploits
We continuously monitor servers for known vulnerabilities
We strip out any unused packages and files
With full access to all project source code, if a vulnerability is found and no patch is yet available, NobleProg's security team can apply a fix right away
Automatic updates are enabled (unattended-upgrades)
Any traffic from our servers to the dark web is watched and can be automatically shut down
Monitoring
All servers, including DaDesktop, are monitored around the clock, with alerts set up for any issues that require attention. We promptly investigate and resolve these alerts, and conduct regular reviews to make sure problems are fixed thoroughly so they don't recur.
We keep an eye on all DaDesktop servers and the machines of trainers and participants—tracking CPU, memory, and network activity. Moreover, DaDesktop nodes and the core system are scanned for CVEs, which trigger alerts on our monitoring platform. While security updates are generally applied automatically, any exceptions flagged are patched manually, and other countermeasures can be put in place if needed.
Fresh Start machines on each course are automatically recorded, so trainers can review them for any problems while setting up. Optionally, recordings of the trainer's machine and the training room can be captured during a course. All of this is managed through the user interface and can be turned off at any time if not needed.
DaDesktop OS templates are typically refreshed every two weeks, incorporating the newest security patches.