✉️contact@dadesktop.gr
🌐 Ελληνικά
DaDesktop

Security

Ownership and Control
Redundancy and Failure Recovery
  1. Trainers and participants have the option to replicate the entire desktop in real time using the remote replica feature.
  2. During hands-on work, you can enable automatic snapshots of the desktop. If a crash occurs, the system can restore the most recent stable version.
  3. Servers operate out of redundant data centres, so if one facility goes down, another is immediately accessible with minimal latency.
  4. The DaDesktop infrastructure spans multiple data centres across the globe, all protected by comprehensive physical and digital security measures.
  5. DaDesktop relies on QEMU/KVM for creating and managing virtual machines; both are integral components of the Linux operating system. Because QEMU and KVM are built into Linux, security patches can be rolled out swiftly and with no dependency on external vendors. QEMU/KVM has a strong track record for security and performance, surpassing many commercial alternatives.
NobleProg Enforces a Zero-Trust Policy
  1. Access to NobleProg and DaDesktop systems is granted only to NP Tech staff whose IP addresses have been pre-registered. IP tables firewall rules are employed to block SSH and other ports from unauthorised entry.
  2. Every system is secured with two-factor authentication and a password, meaning that even if an attacker manages to obtain a password, they still cannot gain access — their IP won’t be whitelisted and they won’t have the one-time password.
  3. During a DaDesktop course, each desktop network is kept isolated from both other desktops and the public internet.
  4. All NobleProg staff use multi-factor authentication to log into NobleProg or DaDesktop systems. Access is revoked instantly when a staff member departs, safeguarding against unauthorised use.
Linux Hardening
  1. DaDesktop server nodes run a minimal, custom-built version of Ubuntu that we maintain ourselves, containing only the essential packages needed. This reduces complexity and overhead, shrinking the attack surface because fewer packages and services are active. The typical installation footprint for each node is just 250 MB.
  2. Root account access via SSH is disabled.
  3. The DaDesktop infrastructure runs the latest stable Ubuntu Linux release, with automatic upgrades and patches applied, thus lowering the risk of zero-day vulnerabilities.
  4. Servers are continuously scanned for known weaknesses.
  5. Unnecessary packages and files are removed.
  6. NobleProg has full access to all project source code. If a vulnerability is found and no official patch is yet available, our security team can implement a fix right away.
  7. Systems receive automatic updates via unattended-upgrades.
  8. All connections from our servers to the dark web are monitored and can be blocked automatically.
Monitoring
  1. NobleProg monitors every server, including the DaDesktop infrastructure, and generates alerts for any problem that requires attention. Alerts are promptly investigated and resolved, and we conduct regular reviews to ensure issues are fully addressed and do not recur.
  2. All DaDesktop servers and the machines used by trainers and participants are monitored for CPU, memory, network activity, and more. In addition, we track CVEs (Common Vulnerabilities and Exposures) on every DaDesktop node and the underlying system; any flagged issues are reviewed. Security updates are usually applied automatically, but if something unusual is detected, we patch it manually and can deploy other countermeasures.
  3. For courses, the ‘Fresh Start’ machines are automatically recorded, which helps trainers verify their setup for any issues. Optionally, recordings of the trainer’s machine and the training room during a session can be enabled. This feature is completely controllable through the user interface and can be turned off if not needed.
  4. DaDesktop OS templates are refreshed roughly every two weeks to incorporate the latest security updates.