Hi everyone this'll be my first time posting on dumpshock. Nice to meet Everyone (IMG:style_emoticons/default/smile.gif)

I have a question. If I daisy-chain a series of proxy commlinks together using a a fiber-optic cable will this assist in slowing down or stopping an invading hacker from getting to my main comm? What are the ups and downs to doing this?

The idea behind this is that the main commlink is being protected by several layers of proxy commlinks each with a firewall and denfense agents with the last one being public and having wireless transmission that holds all my falsified documentation.

Any thoughts or am I just over complicating things? (IMG:style_emoticons/default/rollin.gif)

Welcome. Mind your fingers and don't feed the inmates. (IMG:style_emoticons/default/smile.gif)

You've touched upon a subject of debate here. In terms of hacking, to get to the 'end node' I would say, sure this adds layers of defense that would have to be passed in order to get to that last node. It would have little to no effect in defending (we'll say you, for this example, as in this is your node/commlink chain), as your telepresence location is considered to be where its at. Example, if you're using this link chain to hack into someone else's node, the number of links you have doesn't matter, all that matters is where your 'matrix form' is located (usually, in this case, its in someone else's node)

I would say there is still a benefit for the chaining though.

Heh, this is the like the fifth time in the past month this has come up.

It will protect somewhat against someone coming IN.

For a simple set-up, throw a high Analyse program in each commlink and have it set to shut off the hardware if it detects an intrusion. You can, of course, get a lot more complicated with layered defenses. In the end, though, it's not so much "stopping" an intruder as "slowing him down".

However! If you are connecting OUT to the Matrix via that commlink daisy chain, and run into some nasty IC or enemy, chaining the commlinks won't do a damn thing to protect you from the attacker. You have an Icon extended out into the Matrix, and that provides the attacker a direct line to your persona.



-karma

This is more for protection from hackers trying to get into my primary comlink without my notice and start messing with the data and other stuff inside there.

One of my other concerns is whether or not this daisy-chain configuration will slow down my activities in the matrix assuming that each comm carries similar or better stats to the primary one.

It won't effect going out. Keep in mind that one of the things about the matrix is where your virtual self is.

1. Hacking anothers comm, your vritual self is on his com (the chain of comms has no effect on your matrix capabilities in another node).
2. Defending your main comm, they will have to hack through your wired links first (but they can shut down the first com, so you'd have to activate the wireless node on another commlink in the chain).
3. If all but your main commlink is wireless you only really need 1 other commlink (the rest are not worth it as an intruder is 1 node away from the main commlink).
4. Good encryption is cheaper, and going beyond 3 linked nodes is probably not worth it.
5. Slaving all wireless stuff to the main comlink is a good idea too (Tacnet, otherteams comms, drones, smartlinks, etc,etc).

Another thing to remember is that whatever you can do, your GM can do.

That's one of the problems with taking the layering or optimization route; if it's interpreted to work the way some players want to read it, if you use it to protect your gear, then logically anything of significance out there in the corporate world will be set up with the same set of protections, only as large and robust as money can buy.

Putting a fake commlink with a fake SIN and legal stuff on it as your wireless connection and running your main commlink in hidden mode with all your high-tech illegal software and cyberware linked in is almost standard practice, at least among those with significant software.

But the value of going beyond that is a topic of much debate.

Remember that if you're hacking from your main commlink that you get response degradation for each proxy in use. If you're hacking from a commlink on the outer edge of the chain, then what's the point of layering anyway?

I don't recall the degradation when using the commlinks in this manner. But the advantage in defense is that if the intruder wants to crash your home node he'd have to go through the others. As I recall, the intermediate comlinks in the daisy change funtion like a router (and this is how the wireless matrix works too).

As I understand it, most everyone agrees that you can stack one commlink in front, running public, with your main commlink running in hidden. This gives you a basic layer of protection. It's similar on a conceptual level to how routers/gateways/servers work today.

It also seems to be the default assumption for the structure of Matrix nodes - a single door in/out that must be hacked in order to gain access to all the other linked nodes on the network. Secure nodes may not be on that network at all - probably no matrix access - and thus can require an "in the meat" visit.

The main point of debate is whether or not you can put more than one router/server/gateway in place with a single sequential order that forces someont to hack through many levels. Further points ask what the cost is, besides just nuyen, to doing things this way, and why aren't AAA-secure facilities built with this kind of protection.

Query: Wouldn't daisy-chaining with a fiberop cable connecting all of them sort of defeat the purpose?

Apparently, you have to hack through each node. Not sure why. (IMG:style_emoticons/default/smile.gif)

1) I'd have a ball with glitches on that system. You've added a lot of points of possible failure.

2) If someone does get in and realizes what you have, they're golden. They can drop anything in the middle of that chain and you'll be fighting your own haystack trying to find the needle that's betraying you.

3) I don't know anyone who does a lot of software work who doesn't regularly curse their firewalls (and even more frequently the firewalls of their customer). If you have some new software that you want to use, you're gonna have to get past all those firewalls. The first one is assumed to be taken care of when you install, but the whole point of a firewall is to keep something new from getting through. I can easily see you having to make a lot of rolls when you upgrade or get some new ware.

Degradation occurs when you set tyte comlink cahin as Proxy Servers... you would generally not want to do this because of the degradation... A better option is to just chain them, and thus you will have no degradation, it is just another node that you pass through... In this manner, it is also just another node an intruding hacker has to pass through, though you could protect the hell out of them. As a note, this becoems expensive somewhat quickly, so it is probably not something that you would want to do if you are lacking in funds. (IMG:style_emoticons/default/smokin.gif)

On the other hand, it's essentially nothing to most corporations, which means you're never getting in. (IMG:style_emoticons/default/smile.gif)

No, it means that getting in is going to take a fair amount of time and expertise, and you will not do it trivially. Not everyone can be FastJack after all... (IMG:style_emoticons/default/smokin.gif)

And yes, Most Corporations will take this route... (IMG:style_emoticons/default/wobble.gif)

Thanks for clearing up the rules on degradation (IMG:style_emoticons/default/smile.gif)

For a second there I thought this comlink topography wouldn't be all that useful after reading pg 104


quick question though. If all the nodes are protected by firewalls does this also help in slowing down an invading hacker without slowing down my response?

double post sry bout that (IMG:style_emoticons/default/frown.gif)

Are you running anything on those nodes besides firewalls? Are you running Encryption, Analyze, and an Agent? Are you running them at level 3 or at a level that's going to detect a serious threat and alert you? Are you spending enough cash to give those agents the response and system to depend themselves or are you expecting them to alert and delay you while you log out and unplug the commlink. (And then what? Do you manually check all those commlinks before plugging in again?)

I'm trying to figure out what you're planning on doing. Either you have a lot of daisy chained Sony Emperors that can be hacked on the fly by an agent program while the hacker is busy elsewhere or you have a very expensive collection of high response and system comlinks (with NO signal rating) running expensive software. If you actually price out the system, you could then test the difficulty of hacking it.

Expense is the biggest drawback, as suoq said. All it will really do is delay the dedicated hacker: instead of doing one probe, they have to do three (if there are three chained commlinks). It is far more economical to just use Strong Encryption (changed regularly, be it weekly or monthly) on the hidden node that is your main commlink, with perhaps a cheap decoy commlink for public use.

I think I'm going for the high system & response comlinks with defense software & agents running on it but I'm likely going to keep it to a maximum of 3 or 4 total comms which includes the transmitting wireless comm.

Eh. "Too expensive" can be a problem, but "Not Paranoid Enough" can be a bigger problem.

Do all of it. Layered nodes WITH strong encryption and decoys.

You can always adjust your spending habits to budget for a big purchase. Adjusting anything is much harder if you are dead because decided to be cheap on your security.

(IMG:style_emoticons/default/smile.gif)



-karma

And for basically any corporation (not just the big boys), the money that would cost is trivial.

You keep saying that like the Corporations are not doing this already... they are...

When is the last time you hacked a Corporate System and it consisted of only a single Node? I would be willing to bet that you can't tell me, as a single node system is ludicrous for something as large as a Corporation, let alone a Mega. (IMG:style_emoticons/default/wobble.gif)

hi hi

I don't know if I have any particularly useful advice. After my character got her cybereyes hacked I decided to actually lay out my commlink defense topography.

This is what I came up with.

Perhaps it will give you some ideas.

No, Tymeaus, I mean that any corp could easily have *hundreds* of layers, to the point that any hacking takes longer than physically rerouting the network; that is, literally unhackable. The ZO is only listed as having like 16, so no, I think it's right to say that no one is doing this.