DaDesktop

Security

Ownership and Control
Redundancy and Failure recovery
  1. Trainers and users can choose to replicate the entire desktop in real time via the 'remote replica' option
  2. When experimenting, automatic snapshots of a desktop can be enabled. In case of a crash, the system can restore the last working version
  3. Servers are maintained in redundant datacentres; if one datacentre fails, another datacentre is available within low-latency distance
  4. DaDesktop infrastructure uses a number of datacentres located worldwide, with comprehensive physical and IT security policies enforced across India
  5. DaDesktop uses QEMU/KVM to create and run virtual machines. Both QEMU and KVM are built-in components of the Linux operating system, so security updates are easy and quick to deploy, with no reliance on a third party. QEMU/KVM has an excellent security and performance record, beating those of commercial solutions
At NobleProg, a zero-trust policy is implemented
  1. Only NP Tech staff users whose IP address is pre-registered are allowed to access the NobleProg and DaDesktop systems that we have in place. iptables firewall rules are used to firewall off access to SSH and other ports.
  2. Each system is protected by a password and Two Factor Authentication, i.e. an attacker who obtained only the password would not be able to access the system, as their IP would not be whitelisted and they would not have the One Time Password
  3. On a DaDesktop course, each desktop network is isolated from other desktops and from public access
  4. All NobleProg staff use an MFA system to log in to NobleProg or DaDesktop systems; to protect our systems from unauthorised access, access is withdrawn immediately when a member of staff leaves
Linux Hardening
  1. The DaDesktop server nodes are minimised by installing only the essential packages on a custom, stripped-down Ubuntu version that we build and operate, thereby reducing complexity and overhead. This results in fewer security vulnerabilities, as fewer packages are needed and fewer services run concurrently. The typical installed size is just 250MB per DaDesktop server node.
  2. Access to the 'root' account is disabled in SSH
  3. The DaDesktop infrastructure runs on the latest stable Ubuntu Linux version and is automatically upgraded and patched, thereby minimising the risk of zero-day vulnerabilities
  4. Servers are monitored for known vulnerabilities
  5. Unused packages and files are removed
  6. Should a vulnerability be discovered without an available patch, the NobleProg security team can patch it immediately
  7. Systems are automatically updated (unattended-upgrades)
  8. All connections from our servers to the dark web are monitored and can be automatically blocked
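
Items 2 and 7 above can be checked on any Ubuntu host. The following is an added example, not NobleProg's own tooling: it audits the text of an sshd_config and of an APT periodic configuration file (typically /etc/ssh/sshd_config and /etc/apt/apt.conf.d/20auto-upgrades) for root login and unattended upgrades. The function names and sample inputs are constructed for illustration, and Include directives are assumed not to be in use.

```python
import re

# Constructed sample inputs (not taken from any DaDesktop server).
SAMPLE_SSHD = """\
# constructed sshd_config
PermitRootLogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""
SAMPLE_APT = """\
APT::Periodic::Update-Package-Lists "1";
// APT::Periodic::Unattended-Upgrade "1";
"""

def root_login_findings(sshd_config):
    """Report where sshd_config text leaves root login over SSH possible."""
    findings, global_value, in_match = [], None, False
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # later lines apply only when the Match criteria hit
        elif key == "permitrootlogin":
            if in_match and value != "no":
                findings.append(f"Match block sets PermitRootLogin {value}")
            elif not in_match and global_value is None:
                global_value = value  # sshd keeps the first value it reads
    effective = global_value or "prohibit-password"  # OpenSSH default when unset
    if effective != "no":
        findings.append(f"global PermitRootLogin is {effective}")
    return findings

def auto_upgrade_findings(apt_conf):
    """Report APT::Periodic switches that unattended-upgrades needs but are off."""
    settings = {}
    for m in re.finditer(r'^\s*APT::Periodic::([\w-]+)\s+"(\d+)"\s*;', apt_conf, re.M):
        settings[m.group(1)] = int(m.group(2))  # a later line overrides an earlier one
    return [f"APT::Periodic::{name} is not enabled"
            for name in ("Update-Package-Lists", "Unattended-Upgrade")
            if settings.get(name, 0) < 1]

if __name__ == "__main__":
    for finding in root_login_findings(SAMPLE_SSHD) + auto_upgrade_findings(SAMPLE_APT):
        print(finding)
```

An sshd_config with no PermitRootLogin line is reported as well, because the OpenSSH default still permits key-based root login.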
Monitoring
  1. NobleProg monitors all its servers including DaDesktop servers, and alerts are created for any issues that need to be addressed. Alerts are followed up on and resolved. Regular reviews of alerts and issues are conducted to ensure thorough resolution and prevent recurrence.
  2. We monitor all DaDesktop servers, as well as trainer and participant machines, for CPU, memory, and network activity. All DaDesktop nodes and the underlying system are also checked for CVEs, which trigger an alert in our monitoring system. Security updates are normally applied automatically, but any exceptions identified are patched manually, and/or other mitigating actions are taken.
  3. Automatic recordings are captured of the Fresh Start machines used in courses, allowing trainers to review for any issues during preparation. Optionally, recordings of the Trainer machine and the Training Room can be made during a session. This is fully controllable in the UI and can be switched off if not required.
  4. DaDesktop Operating System Templates are usually updated every couple of weeks, with the latest security updates added.