> Defending your Commlink, (or, how to build a minefield)
The Jopp
post Feb 3 2006, 10:08 AM
Post #1


Runner
******

Group: Members
Posts: 2,925
Joined: 26-February 02
Member No.: 948



Ok, first we need some basic defense...

Hidden mode
Hidden mode buys time and makes sure that you are not instantly spotted by prying eyes.

Encryption
Encryption is your friend, especially if they DO find your hidden signal, now they have to decrypt the darn thing before they can even begin hacking.

Data Bombs (now the fun begins)
Data bombs can be attached to a specific FILE or DEVICE, but only 1 per device or file.

Now we attach a databomb to the following devices & programs.

Encryption (When they try to crack the encryption it goes BOOM (I assume they can scan the encryption first to try and FIND the databomb first.))
Commlink (When they crack the encryption and try an exploit test it goes BOOM (unless they find it))

Now, this might be a bit of a stretch but since the System/OS is listed as a program one could probably add a databomb to that one as well (this would mainly be useful to protect a system from “Crash Program action” or at least just kick the hacker in the face as it goes down in flames).

For a hacker with a good commlink it will take up 4 response slots (Encryption, databomb, databomb, OS databomb) yea, so you only have 1 response slot left, but you DO have a minefield.

Of course this will not be used when doing actual hacking but it is a nice casual defense against snoopers and for datacarriers who want to protect their data.

Data Locks
Even if a hacker might lack access to the data he would still be able to access the device, and thus add a databomb to the device.

For added defense of sensitive data one can add 3 databombs to a data lock.

1. To the datalock itself.
2. The encryption is a program and can therefore be loaded with a databomb.
3. The data itself can also be loaded with a databomb.

The last two databombs can only be added by the actual program owners who load the program into the data lock.

BaronSameday
post Feb 3 2006, 01:18 PM
Post #2


Target
*

Group: Members
Posts: 20
Joined: 17-January 06
Member No.: 8,175



Like the idea.

Then you could add another Commlink as a DMZ which does the real control of your wireless systems?

Think it might be gaming the game because you are making other levels of firewalls but I do think it would be allowed.


fistandantilus4....
post Feb 3 2006, 01:24 PM
Post #3


Uncle Fisty
**********

Group: Admin
Posts: 13,891
Joined: 3-January 05
From: Next To Her
Member No.: 6,928



Doesn't a databomb destroy the file that it's attached to though? If so, seems short sighted to attach one to your OS. Unless you're in the "If I can't have it, nobody can" camp.
Aku
post Feb 3 2006, 01:40 PM
Post #4


Running, running, running
*****

Group: Dumpshocked
Posts: 2,220
Joined: 18-October 04
From: North Carolina
Member No.: 6,769



Ok, here's a couple of questions (I'm still trying to learn the system)

1) If you do the hidden comm/active comm schtick, would you actually be hacking through the active comm? (might be a good defense, especially in highly physically secure areas. Hack through the public comm, spoof it to look like that's what's being used, and then if trouble comes around, offer up the comm for inspection "see officer, I don't have anything special on there, there's no way it coulda been me, my comm musta been compromised, I'll make sure to beef up its security right away officer")

2) For the databombs, I seem to remember "something" about, once they're enabled, they don't take up any system, it's just the actual databomb program that does, but I can't remember where I read this, if it was here on DS or I saw it in the book...

3) Agent Use -- Assuming that I wholly screwed up on number 2, and each bomb does in fact use up response, could you not load up an agent for expressly this purpose? As far as I can tell, you are only hit with 1 response decrease with agents (for the agent itself) and not it plus every program you load onto it.
The Jopp
post Feb 3 2006, 01:48 PM
Post #5


Runner
******

Group: Members
Posts: 2,925
Joined: 26-February 02
Member No.: 948



I’d rule that IF you use another commlink to ”hack through” then you would access and hack from another node, and that node will have a lower response.

Let’s put it this way. The commlink you have uses an OS that “contains” up to your response rating in programs, but at the same time your OS is a program as well – this will be reflected in your “firewall” commlink since it will be running the “primary” commlink as a program (the OS should be accessible through that commlink).

This gives us several options – and drawbacks.

The good
You have a secondary line of defense that can be filled with agents and databombs and even secondary encryptions.

Example (Solution 1 – one I find logical since one does not use up ALL resources of the firewall commlink)

Step 1
Firewall Commlink R5 – runs Encrypt, Databomb Device and IC (2 slots left)
Hacker Commlink R5 – runs 4 different programs (1 slot left)

Step 2
Hacker Commlink connects through Firewall Commlink

Result

Firewall Commlink R5 – runs Encrypt, Databomb Device, IC, Hacker OS (1 slot left)
Hacker Commlink R5 – runs 4 different programs (1 slot left)

Solution 2 (quick and simple but slightly more illogical).

For each commlink connecting to another you lower the response by 1 on the “Firewall” commlink – and thus lowering the limit for the Hacker commlink as well.

The bad
Well, that depends on how you run it.

Unless the hackers are aware of an intrusion a “Crash OS” would be quite bad for them as they would be thrown out of the node.

Databombs have the option of destroying files if the user wishes it.
BaronSameday
post Feb 3 2006, 02:39 PM
Post #6


Target
*

Group: Members
Posts: 20
Joined: 17-January 06
Member No.: 8,175



The above system has lots of advantages and might make hackers/techno cry :)

Load Commlink one with false sin and other rubbish and place LOTS of defense within it. Allows you to walk around being "joe public".

Then link second Commlink to it by wire (hey, it is in your pocket). Then hook all your wireless kit into the second one. When you need wireless access just open up the gateway between the 2. In fact you could leave it open most of the time and just live on the security of both commlinks.

As long as all your wireless stuff is linked to your second commlink you should be golden.

just an idea?
Rotbart van Dain...
post Feb 3 2006, 03:05 PM
Post #7


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,807
Joined: 3-January 04
Member No.: 5,951



You attach Data Bombs either to Devices or Files - they activate and crash only when those are accessed.

So, not data-bombing Encryptions or running Programs.

OS is not a Program, on the other hand, and daisy-chained Nodes may serve as chokepoints, but they do not limit performance.
BlackHat
post Feb 3 2006, 03:07 PM
Post #8


Great Dragon
*********

Group: Members
Posts: 5,486
Joined: 17-March 05
From: Michigan
Member No.: 7,180



QUOTE (BaronSameday)
The above system has lots of advantages and might make hackers/techno cry :)

Load Commlink one with false sin and other rubbish and place LOTS of defense within it. Allows you to walk around being "joe public".

Then link second Commlink to it by wire (hey, it is in your pocket). Then hook all your wireless kit into the second one. When you need wireless access just open up the gateway between the 2. In fact you could leave it open most of the time and just live on the security of both commlinks.

As long as all your wireless stuff is linked to your second commlink you should be golden.

just an idea?

If your wireless devices are subscribed to the second commlink, it must be online in hidden mode - which means it's not really "behind" the first commlink at all.

Initially looking at you, they would see your public commlink. With a little scanning, they could find your wireless devices and your hidden commlink. Then they could just hack the second commlink, avoiding all the defenses you loaded on the first one.
nick012000
post Feb 3 2006, 03:07 PM
Post #9


Running Target
***

Group: Members
Posts: 1,283
Joined: 17-May 05
Member No.: 7,398



They will count against the devices you can have subscribed, however.
Azralon
post Feb 3 2006, 03:09 PM
Post #10


Shooting Target
****

Group: Members
Posts: 1,651
Joined: 23-September 05
From: Marietta, GA
Member No.: 7,773



QUOTE (Rotbart van Dainig)
You attach Data Bombs either to Devices or Files - they activate and crash only when those are accessed.

Okay, so you set your honeypot file out there in the open, called "Blackmail Information" or "Elf Pr0n" or something.
Dashifen
post Feb 3 2006, 03:45 PM
Post #11


Technomancer
********

Group: Retired Admins
Posts: 4,638
Joined: 2-October 02
From: Champaign, IL
Member No.: 3,374



LOL! Honeypots in SR4. I love it.

Another baddie that I did once is to attach a databomb to an IC program. When the IC program goes down, the bomb goes off. Similar to the old Trap IC in SR3 except it doesn't launch another IC program, just the bomb.
BlackHat
post Feb 3 2006, 03:52 PM
Post #12


Great Dragon
*********

Group: Members
Posts: 5,486
Joined: 17-March 05
From: Michigan
Member No.: 7,180



QUOTE (Dashifen @ Feb 3 2006, 10:45 AM)
Another baddie that I did once is to attach a databomb to an IC program. When the IC program goes down, the bomb goes off. Similar to the old Trap IC in SR3 except it doesn't launch another IC program, just the bomb.

QUOTE (Rotbart van Dainig @ Feb 3 2006, 11:05 AM)
You attach Data Bombs either to Devices or Files - they activate and crash only when those are accessed.


As above - you attach them to devices or files. An Agent running with a Databomb program in its payload doesn't trigger it when he crashes - he can just use it to trap other devices or files.

If you put the databomb on file for the IC program it still wouldn't trigger when it crashes, it would trigger if an unauthorized user tried to access that file (to launch some IC).

You definitely can't use Data Bomb as an attack program. Though it would be sweet if you could, since it's automatic damage that the icon who tripped it cannot avoid.
The Jopp
post Feb 3 2006, 03:56 PM
Post #13


Runner
******

Group: Members
Posts: 2,925
Joined: 26-February 02
Member No.: 948



QUOTE (BlackHat)
If your wireless devices are subscribed to the second commlink, it must be online in hidden mode - which means its not really "behind" the first commlink at all.

Initially looking at you, they would see your public commlink. With a little scanning, they could find your wireless devices and your hidden commlink. Then they could just hack the second commlink, avoiding all the defenses you loaded on the first one.

Not quite, if you use an internal commlink (or another external) just disable the wireless connection and route it through the Persona's subscription list to be "hidden". In order to "see" the other commlink they would have to hack the first one.

The fun thing is that hackers can have their own tiered networks, on a slightly smaller scale.

I started writing this a little while ago, does it sound logical? (This is as far as I have understood the rules for networking and limitations on response.)


Step 1: What is a Node?
A node is any wireless device or network that can be connected to the Matrix and accessed through the matrix (See matrix topology in SR4 page 206). At the bottom of the hierarchy are the commlink and the personal area networks.

Conclusion: Commlinks are NODES.

Step 2: Accessing Nodes & Response
Programs are limited by the Response on the Node on which they are uploaded (See “System (Software)” page 213). If you have a Node with a Response 5 and System 5 then you can run up to five programs. If you upload a rating 4 agent on a Response 2 node then it will be limited to rating 2.

If you hack into a Node with a Response of 2 and your own Commlink (a Node in itself) has a Response of 5 then all your programs are run with rating 5, unless you load more than 5 programs. The Response 2 Node will be limited to rating 2 programs.

Step 3: Accessing Multiple Nodes
If you access a tiered network (in this example let's assume we have a team with multiple commlinks networked for added security)

We have three (3) Nodes (Commlinks) and they have a response equal to their name (Response 1-3). In order to access commlink 3 we need to hack through the first two just to be able to TRY hacking the last one.

There is no limitation to the Hacker's commlink when accessing the third commlink THROUGH the other two according to SR4, this means that only programs UPLOADED on the actual Nodes (Commlink 1-3) are limited by Response.

Ok, this actually means that hackers can use their own tiered secure networks of several defensive commlinks. Ok, money might be an issue though.

The Jopp
post Feb 3 2006, 04:04 PM
Post #14


Runner
******

Group: Members
Posts: 2,925
Joined: 26-February 02
Member No.: 948



QUOTE (Rotbart van Dainig)
You attach Data Bombs either to Devices or Files - they activate and crash only when those are accessed.

So, not data-bombing Encryptions or running Programs.

OS is not a Program, on the other hand, and daisy-chained Nodes may serve as chokepoints, but they do not limit performance.

But programs are files, aren't they?
Brahm
post Feb 3 2006, 04:08 PM
Post #15


Shooting Target
****

Group: Members
Posts: 1,635
Joined: 27-November 05
Member No.: 8,006



Not running Databomb, which is different. Why couldn't you put a Databomb on an IC? So the first access to the running program, say to attack it, set it off? It depends on what you class as being protected by Encrypt.

I assume Scramble is just an artifact from copying SR3 text.
Brahm
post Feb 3 2006, 04:11 PM
Post #16


Shooting Target
****

Group: Members
Posts: 1,635
Joined: 27-November 05
Member No.: 8,006



QUOTE (The Jopp)
But programs are files, aren't they?

Running programs have icons, and you can put it on an icon. The only stipulation is that the icon be protected by Encrypt. So it sort of depends on whether you rule a given running program is protected by Encrypt.
hobgoblin
post Feb 3 2006, 05:11 PM
Post #17


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



QUOTE (fistandantilus3.0)
doesn't a databomb destroy the file that it's attached to though? If so, seems short sighted to attach one to your OS. Unless you're in the "If I can't have it , nobody can" camp.

iirc from older versions, failing to decrypt an encrypted file properly would destroy said file (ouch! sounds like perfect DRM thinking). but a databomb does not destroy the file it's attached to.

you may compare a databomb to a tripwire.

if you databomb a device you put a tripwire on a door. if you open said door without taking the right steps beforehand, boom.

putting a databomb on a file is like tripwiring a box. open or move the box and boom.

sadly you can't put a dead-man tripwire on an IC or agent, would be all too cool :smokin:

so here is my setup:

tripwire on device.
encryption on connection.
hidden mode.

first you have to locate, then you have to decrypt. and if you don't watch out, things go boom when you then try to access the device. and if i want to i can then have more databombs sitting on all kinds of files. hmm, maybe i can even databomb the smartlink or other similar devices. so if the hacker tries to screw with my aiming he yet again gets a boom :silly:

and why do i envision all this as good old round black bombs with a fuse? :wobble:
Rotbart van Dain...
post Feb 3 2006, 10:58 PM
Post #18


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,807
Joined: 3-January 04
Member No.: 5,951



QUOTE (The Jopp)
But programs are files, aren't they?

Running Programs are Programs - of course, you can protect stored Programs, which are files.

Agents/IC should be possible carriers, too - but that only matters when someone is trying to get inside them...
Cain
post Feb 27 2006, 07:09 PM
Post #19


Grand Master of Run-Fu
*********

Group: Dumpshocked
Posts: 6,840
Joined: 26-February 02
From: Tir Tairngire
Member No.: 178



Sorry to dig up an old thread, but a new trick just popped up:

Let's say that you have two commlinks. The first is loaded with a Fake ID, and generic material so you can pose as Joe Public. The second is in hidden mode and skinlinked, unconnected to your first commlink, and connects to all your shadowgear. Now, as I read it, the skinlink alone renders you immune to hacking and jamming attempts; and the first allows you to avoid the problems of going about in hidden mode. If you need it, you add a third commlink with a high Firewall to serve as your communicator.

I can't see any flaws in this setup in the RAW, which means that anyone with 600 :nuyen: is immune to hacking attacks on their gear. If that's true, what's the point of all the threats on hacking gear?
neko128
post Feb 27 2006, 07:19 PM
Post #20


Moving Target
**

Group: Members
Posts: 327
Joined: 28-January 06
Member No.: 8,209



QUOTE (Cain)
Sorry to dig up an old thread, but a new trick just popped up:

Let's say that you have two commlinks. The first is loaded with a Fake ID, and generic material so you can pose as Joe Public. The second is in hidden mode and skinlinked, unconnected to your first commlink, and connects to all your shadowgear. Now, as I read it, the skinlink alone renders you immune to hacking and jamming attempts; and the first allows you to avoid the problems of going about in hidden mode. If you need it, you add a third commlink with a high Firewall to serve as your communicator.

I can't see any flaws in this setup in the RAW, which means that anyone with 600 :nuyen: is immune to hacking attacks on their gear. If that's true, what's the point of all the threats on hacking gear?

Well, first, define "all your shadow gear". I still posit that having it all touch your skin is infeasible in many cases, or at least infeasible for reliability.

Second, if your "public" commlink is not linked in any way to your "private" one, then actually USING both is going to be an interesting trick. If they're both connected to the same display/interface device (goggles, cybereyes, whatever), then it's possible to break through from one to the other; and if they AREN'T connected to the same display device, you have trouble actually using at least one.

Third, at least to my understanding, commlinks in hidden mode are not broadcasting their presence, but ARE both discoverable and hackable with enough effort.
Cain
post Feb 27 2006, 09:39 PM
Post #21


Grand Master of Run-Fu
*********

Group: Dumpshocked
Posts: 6,840
Joined: 26-February 02
From: Tir Tairngire
Member No.: 178



QUOTE
Well, first, define "all your shadow gear". I still posit that having it all touch your skin is infeasible in many cases, or at least infeasible for reliability.

In the trick I was shown, the smartlinked guns and heavily modified contact lenses were linked to the hidden commlink. It could easily be expanded to include various bits of cyberware, however.

QUOTE
Second, if your "public" commlink is not linked in any way to your "private" one, then actually USING both is going to be an interesting trick. If they're both connected to the same display/interface device (goggles, cybereyes, whatever), then it's possible to break through from one to the other; and if they AREN'T connected to the same display device, you have trouble actually using at least one.

The public commlink was connected solely to a set of AR glasses, with no vision mods. That means that you can't put false visual details onto the glasses, since they're not really showing you anything. The worst that could happen is a bunch of AR details popping up, but then you can take off the glasses without being the worse for wear-- all the vision mods are in the contacts.

QUOTE
Third, at least to my understanding, commlinks in hidden mode are not broadcasting their presence, but ARE both discoverable and hackable with enough effort.

That's the question, though. First of all, won't the skinlink prevent most wireless access, since everything is running through direct contact? Second, with two commlinks, how likely is it that the second one would even be discovered? The point is to set the first commlink as a decoy; if I read p 225 correctly, trying to notice a hidden node when there are nonhidden ones nearby raises the threshold to 15. That means that you're not likely to get hacked during combat, and probably not noticed at all, if you keep moving.
Kyoto Kid
post Feb 27 2006, 10:00 PM
Post #22


Bushido Cowgirl
*********

Group: Members
Posts: 5,782
Joined: 8-July 05
From: On the Double K Ranch a half day's ride out of Phlogiston Flats
Member No.: 7,490



This is why if you are not a hacker or do not possess the appropriate skills (such as in the case of my Adept KK 4.1), it's wise to spend the BPs for a hacker as contact with a loyalty rating of 5 or 6.
Rotbart van Dain...
post Feb 27 2006, 11:05 PM
Post #23


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,807
Joined: 3-January 04
Member No.: 5,951



QUOTE (Cain)
I can't see any flaws in this setup in the RAW, which means that anyone with 600 :nuyen: is immune to hacking attacks on their gear.

Not really a flaw, but as long as you run a mode at all, wifi still is enabled.

So, someone could hack the cheap commlink and use it to scan for your hidden one - as soon as it becomes obvious that the cheap one is just cover.

Absolute security against hacking relies on being offline.
hobgoblin
post Feb 27 2006, 11:44 PM
Post #24


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



absolute commlink security relies on it being at the bottom of the sea, covered in an unknown number of layers of concrete, different hard and heavy metals, dikote, and watched over by an equal number of 3 digit rating spirits and some very well paid great dragons...
Rotbart van Dain...
post Feb 28 2006, 12:01 AM
Post #25


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,807
Joined: 3-January 04
Member No.: 5,951



Nah - to ultimately secure a commlink against hacking, just grind it to fine dust... which you burn. :grinbig:


Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.