How to protect your devices from Hackers in 5th Edition, Or how I learned to worrying and love the GOD. Options

[Wired_SR_AEGIS]

Interestingly enough, in the real world of security engineering (See also the definitive book on the subject, Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems), the question is never if your system will be vulnerable/insecure, but the degree by which risk will exceed benefit. This is perhaps best illustrated by the following maxim: Secure Systems are unusable. Usable Systems are insecure.

Therefore, everything you personally use is, by definition, insecure.

It seems that in the world of Shadowrun 5th edition, everything is also, by definition, insecure. Which, when you think about it, is great: It keeps Shadowrunners employed.

So at the advice of another poster in another thread, I thought I'd start this up to discuss the best methods, and solicit the collective wisdom of Dumpshock, for securing your devices and your cyberware.

(It's also informative to consider that when the cost of a counter-measure exceeds the benefit that will be derived from it, risk is often accepted rather than mitigated. Remember that when someone suggests that the 100% solution to matrix-aware gear vulnerabilities is to always keep you gear off-line.)

-Wired_SR_AEGIS

[Seerow]

Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?

[Epicedion]

What does GOD stand for anyway? I've seen the acronym but missed the full version.

[Werewindlefr]

What does GOD stand for anyway? I've seen the acronym but missed the full version.

Grid Overwatch Division. Created in the ol' Deus days (I remember them being mentioned in Target: Matrix)

[apple]

Grid Overwatch Division. The 2070 Matrix Gestapo.

SYL

[hermit]

What does GOD stand for anyway? I've seen the acronym but missed the full version.

Grid Overwatch Division. A corp court mandated special forces decker unit from 2E. Probably Grid-cops from CP2020 in SR5.

So at the advice of another poster in another thread, I thought I'd start this up to discuss the best methods, and solicit the collective wisdom of Dumpshock, for securing your devices and your cyberware.

Use bioware. Be awakened. Don't use cyberware if you can help it.

In the case you are stubborn abut this being a cyberpunk game, despite better knowledge: Assuming slaving works somewhat like in SR4, and you can still route a commlink's traffic through another: use a bottleneck commlink you can hard reboot with little problems with the enemy decker inside (dumpshocking them) as a gateway to your actual PAN commlink, which is connected with a fiberglass wire and has (active) wireless deactivated. All your PAN is slaved to this commlink, ideally with wires.

Assuming wires have also become lostech for gamist reasons, slave devices to your commlink and wait to be hacked, the reboot your commlink hoping to dump the enemy decker. Of course, you'll be blind and spasming since your ware stops working without the hub it communicates over, but hey, better than having half a million worth of ware bricked, right?

[Kruger]

It seems that in the world of Shadowrun 5th edition, everything is also, by definition, insecure. Which, when you think about it, is great: It keeps Shadowrunners employed.

They never had trouble finding work before. (IMG:style_emoticons/default/wink.gif)

[Tzeentch]

So at the advice of another poster in another thread, I thought I'd start this up to discuss the best methods, and solicit the collective wisdom of Dumpshock, for securing your devices and your cyberware.

Well, the easy answer is to not use cyberware. At all (may be easier to justify for the actual decker character). If you want to talk risk-reward, it certainly makes sense from a players perspective as it entirely eliminates vulnerability to an entire aspect of the game universe that would otherwise be an easy/lazy avenue of attack for the GM. Completely nullifying deus ex machina plots related to easily tracking your location or shutting down your characters advantages is a big deal, even with good GMs.

Compartmentalize your Matrix legwork. Only use a commlink when necessary and both power it down and store it in a RF shielded bag when not in use (you know, like real criminals). Take a look at the character generation rules and see if you can convert your cyber-samurai concept into a bio-samurai or adept.

Pro Tip: Discuss with your GM how dickish he intends to be with deckers, and plan accordingly.

[DireRadiant]

Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?

Slaving to a Master device makes an Brute Force attempt on your device us the Master Device and Hackers rating for Willpower and Firewall.

[DireRadiant]

Run Silent. Hackers need to take an extra step or two to find you.

[DireRadiant]

Agent performing Matrix Perception and removing uninvited Marks from your own devices.

[Epicedion]

Commlink 1: broadcasting as normal.

Commlink 2: broadcasting only 1m, connected through matrix though commlink 1.

Cyberware connected to commlink 2 (and thus the Matrix through commlink 1)

Commlink 1 loaded with counterintrusion agents.

To get at the actual PAN (that is, commlink 2), any hacker would either have to be within 1 meter or fully hack into commlink 1 as a node to which commlink 2 is accessible as another node. If commlink 1 starts acting up, commlink 2 can sever the connection and lose the Matrix bonus to its connected 'ware.

Now, get commlink 1a, 1b, 1c, 1d, and 1e. If commlink 2 severs from commlink 1a, automatically connect it to commlink 1b, and so on down the line. A hacker would have to hack 5 commlinks to even try to get at your PAN, and after the last one would only have succeeded at removing Matrix bonuses from your 'ware. By that point the hacker should be meat.

[LurkerOutThere]

Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?

No they cannot. The best the can do is if someone is slaved then them they can take a -10 on their inititiave to throw their willpower into the tests involved.

[Seerow]

No they cannot. The best the can do is if someone is slaved then them they can take a -10 on their inititiave to throw their willpower into the tests involved.

Well there's a big stinker. I was hoping to see something like Electronic Warfare acting as a counterspelling bonus for allies, making their team's gear passively more resistant to hacking attempts.

And seriously, giving up a full pass to add willpower? That's really lame.

[Deathstorm]

To start, I'll point out that I only have 4th edition so far, so can't confirm how well these translate to 5th.

Some things you can do to help lessen your chance of getting screwed by your PAN:

1: Hidden mode. Best case, this might mean the opposing hacker spends enough time scanning that your team hacker spots and neutralizes him. Worst case, a good hacker will take a microdrone with a sprayer filled with hacker nanites that will give you a direct link to his commlink, and might start hacking you that turn. Keep your real commlink hidden, physically as well as matrixly. Matrixally? Whatever.

2: IC. Think about it. Since 1st edition, corps have made sure THEIR computers had IC floating around their systems to give deckers/hackers a bad day. So, you've got your system, with YOUR paydata (or valuable cyberware), so why wouldn't you give it the same consideration that the corps do. Chances are you are NOT good enough to program your defender yourself, so get someone you trust to do it for you. That's what fixers are for. To fix you up with things.

3: Redundancy. Add extra steps to hacking your cyberware. Skinlink your wares to your main commlink. Link that with a cable to your burner link. Link THAT via cable to another one. The hacker will need to go through each node to get to the good stuff, and each hacking attempt (after the first) gives you two chances to notice them. One for the node he's in, and another for the one he's hacking. Plus the chance for your hacker buddy to scan him down.

4: Decoys. Bring four commlinks. Three of them in hidden, and the fourth your real one. Better still, have one of the decoys in passive mode, with links to your "cybergun" and other things. Face it. Everybody knows street samurai aren't smart. If they see a Street Sam with a commlink in passive mode declaring him "Super Samruai" (misspelling intentional), they're going to waste their time hacking IT, because we all assume street samurai ARE that dumb. Then, they need to go from there to your fake wares, and only then do they figure out that you pulled a fast one on them. That's a minimum of two-three turns for you to find and pull a fast GUN on them! Again, get your fixer to hire you a hacker to program RFID tags or some junk nodes to fake your cyberware.

5: Redundancy. Yeah. I had to make that joke. Slightly different version though. Don't assume any one security method is enough. Do all of these, plus any others that you like from other people. Plus have a hacker or technomancer on overwatch scanning for bugs. AND have everything set to flush all users and delete their accounts(except you, specifically) the instant it spots ANY suspected intrusion. Heck, along with 3 and 4, set them all up to perform a synchronized flush+delete any time ANY of them spot a suspected intrusion. If you've got a REALLY good hacker on tap, they might even have some way to randomize the ID for the commlinks, so each time the flush+delete happens, the commlinks swap IDs to make things even MORE annoying to figure out (the commlink they try to hack is now one of the decoys, unless they rescan).

6: Imagination trumps science. Remember, this is a cinematic game. This means that movie hacking is the way to think. So if you think of something that would be "impossible" with realistic hacking, try it anyway. If you see something awesome (yet realistically implausible) in a movie, either try it yourself or have your hacker buddy try it! In fact, ABUSE that idea. Like how movies ALWAYS have the timer stop at 1 second, have a built in timer set so anybody who logs in gets a pop up saying "Security violation! Enter code to stop:" with a timer counting down from 4 seconds and a box with space for 4 digits. The correct answer is of course to wait the timer down, and it'll stop and say "Violation cancelled. Have a good day!" or something like that. If any input is made, then boom, instant full alert! Sure, it means you have to wait an extra combat turn when you log into your commlink, but that's better than having some hacker having an easy time getting to your goodies, right?

[LurkerOutThere]

To start, I'll point out that I only have 4th edition so far, so can't confirm how well these translate to 5th.

So then please don't start.

[Aaron]

Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?

Yes. Not exactly the same way, but they can provide passive protection in the form of their own stats when the devices they're protecting are slaved. There is a minor to moderate risk to the master.

I should also mention that SR5 doesn't have daisy-chaining. A device is either on the Matrix or it isn't; there is no gateway architecture (if anybody thinks that we disregarded modern networking practice in the interests of playability, then my counter-argument is ... I got nothing; yeah, we did that).

[binarywraith]

So yeah.


Be a Mystic Adept.


That's pretty much the optimal solution.

[Wired_SR_AEGIS]

Yes. Not exactly the same way, but they can provide passive protection in the form of their own stats when the devices they're protecting are slaved. There is a minor to moderate risk to the master.

I should also mention that SR5 doesn't have daisy-chaining. A device is either on the Matrix or it isn't; there is no gateway architecture (if anybody thinks that we disregarded modern networking practice in the interests of playability, then my counter-argument is ... I got nothing; yeah, we did that).

Well. In your defense... I think you could build a case that the distributed computing available across the matrix in conjunction with new security protocols could reduce the need to use classic network gateway architecture, based on the latency expense it would incur. Particularly when, even today, six white papers titled 'The Host is the new Perimeter' crop up weekly.

Theorizing about the fundamentals of the 2070 Matrix in today's terms would be like listening to a Babbage Contemporary opine about the possibilities of the modern GPU.

-Wired_SR_AEGIS

[Seerow]

Yes. Not exactly the same way, but they can provide passive protection in the form of their own stats when the devices they're protecting are slaved. There is a minor to moderate risk to the master.

To my understanding though, with how expensive cyberdecks are, it's actually much cheaper to get a high rating non-deck, and slave things to that, than slave things to the decker's deck. Like in another thread I saw someone make a point that there was like some rating 6 commlink or something for 5000 nuyen, where you'd spend several hundred grand to get something similar out of a deck. Which means the decker really isn't contributing much of anything to defending the group.

(Also it would take a good long while for any group to be willing to develop enough trust to slave their stuff to someone else's gear. It's one thing accepting some matrix overwatch, it's another thing to surrender control of everything you own to someone else. Hell in real life where I don't have my life on the line if my stuff is compromised, I still am hesitant to give someone else access to my stuff, much less full control over it.

[Aaron]

To my understanding though, with how expensive cyberdecks are, it's actually much cheaper to get a high rating non-deck, and slave things to that, than slave things to the decker's deck. Like in another thread I saw someone make a point that there was like some rating 6 commlink or something for 5000 nuyen, where you'd spend several hundred grand to get something similar out of a deck. Which means the decker really isn't contributing much of anything to defending the group.

More or less. Taking the commlink route is a perfectly legit means of defense, but you miss out on a couple of things. First, the hacker usually has decent Mental attributes that you wouldn't have access to except via slaving. Second, without a Sleaze attribute running silent is much less effective (having a smaller dice pool to defend against spotting attempts) and potentially dangerous (smaller dice pool means higher chance of glitching, especially if you Logic isn't too high).

(Also it would take a good long while for any group to be willing to develop enough trust to slave their stuff to someone else's gear. It's one thing accepting some matrix overwatch, it's another thing to surrender control of everything you own to someone else. Hell in real life where I don't have my life on the line if my stuff is compromised, I still am hesitant to give someone else access to my stuff, much less full control over it.

I find this both wise and insightful.

[LurkerOutThere]

Agent performing Matrix Perception and removing uninvited Marks from your own devices.

That doesn't really do much when they don't need a mark to dataspike you.

[apple]

So yeah.
Be a Mystic Adept.
That's pretty much the optimal solution.

Until the day they discover that they used and write the wrong version of the character creation rules, where mystic adepts cannot by a PP for 2 Karma. So there will be an errata out around the time for SR 6th.

SYL

[Larsine]

And seriously, giving up a full pass to add willpower? That's really lame.

That bonus lasts for the rest of the combat turn, and is in addition to any other defense you employ.

Sometimes it will be worth giving up that one pass.

[Critias]

That bonus lasts for the rest of the combat turn, and is in addition to any other defense you employ.

Sometimes it will be worth giving up that one pass.

It is, essentially, the Full Defense option (for Matrix stuff, instead of meatside dodging). Sometimes worth it, sometimes not. Just like meatside dodging.