 Nodes and Analyze |
  |
 May 15 2006, 06:36 PM
Post
#1
|
|
|
Shooting Target  Group: Members Posts: 1,754 Joined: 9-July 04 From: Modesto, CA Member No.: 6,465  |
Hi again all,
On average, how often do you have your nodes running Analyze to look for intruders? I goes without saying more secure nodes would probably be checking each time someone enters and then again every minute or so, maybe even after each action they perform? I'd assume a glitch triggers an immediate test, and a critical glitch an alert. I'm curious to how everyone else manages this. Only part about this that still bugs me is that once inside, a Hacker is for all-intents-and purposes is a legit user albeit with a hacked account. The only way I'd wager Analyze would know otherwise is if they keep a list of valid Access ID's for each account. If that's the case, you could hack account access and your Spoof the ID of a valid node and glitching aside, be Joe_User_01 with no chance of detection. However, that's not the case with SR4. Any ideas on how Analyze knows you're not legit even with "all the bases" covered? |
 |
 
|
|
May 16 2006, 04:22 AM
Post
#2
|
|
|
Neophyte Runner Group: Members Posts: 2,073 Joined: 23-August 04 Member No.: 6,587 |
As a security hacker setting up the system if I could spare the system resources to run the program at all I would have an IC agent running it with every action it didn’t have something else to do (attack an intruder).
There is no reason not to have it running continuously. The problem with this however is that it makes hacking very very difficult. One solution would be to have an IC agent with detection programs but no attack programs to save runtime, on detection of an intruder it waists an action changing the running programs giving the hacker a free action. Edward |
|
|
|
|
May 16 2006, 08:18 AM
Post
#3
|
|
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
As given in my example here I allow a scan for every illegitimate action, b y IC only. The node resists hacking attempts with firewall+system when the hacking skill is used for an illegitimate action.
|
|
|
|
|
May 16 2006, 03:05 PM
Post
#4
|
|
|
Moving Target Group: Members Posts: 371 Joined: 10-January 06 From: Regina Member No.: 8,145 |
Keep in mind that if an IC is running the Analyze program, then the rating of that Analyze program doesn't get rolled for the initial "hacking in" attempt. Those dice are supposed to be the Node's Firewall + Analyze. Any IC/Agents running on the Node aren't in the picture yet.
In my world, pretty much any Node/Commlink who's owner is remotely worried about security runs an Analyze program. I see it as the first thing that gets installing when securing a system (besides the Firewall itself, that is). |
|
|
|
|
May 16 2006, 03:29 PM
Post
#5
|
|||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
I am confused. If the Analyze program isn't running on the node (while being used by the agent), where is it running? |
||
|
|
|
||
|
May 16 2006, 04:43 PM
Post
#6
|
|
|
Neophyte Runner Group: Members Posts: 2,073 Joined: 23-August 04 Member No.: 6,587 |
Depending on the interpretation, a node running IC with an analyze program may need to run a second analyze program (or the same program a second time) to augment the firewall.
Edward |
|
|
|
|
May 16 2006, 05:28 PM
Post
#7
|
|
|
Runner Group: Members Posts: 2,556 Joined: 26-February 02 From: Seattle Member No.: 98 |
That's pretty much how I do it. Things are "compartmented" inside of IC when they're being run by IC... the code for that piece of IC was compiled with an Analyse equivalent built into it. If the node itself wants to run Analyse, it needs to have it's own copy loaded into memory (because the IC's Analyse is part of it's own code).
|
|
|
|
|
May 16 2006, 05:49 PM
Post
#8
|
|||
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
On the Agent, which is a 'Node' itself. |
||
|
|
|
||
|
May 16 2006, 06:01 PM
Post
#9
|
|||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
I've heard that interpretation, but I find it hard to agree with. My biggest problem with the concept is the free running programs: if I have a System 5 commlink, why can I run four Rating 5 agents each running four programs of their own (total of twenty programs) with no Response degredation, but if I try to run half that, I lose two Response? |
||
|
|
|
||
|
May 16 2006, 06:09 PM
Post
#10
|
|
|
Moving Target Group: Members Posts: 371 Joined: 10-January 06 From: Regina Member No.: 8,145 |
Well then, that's the second interpretation of the rules: that every program running on the Agent counts towards the nodes total limit of programs. In that case I would rule that Agents and the Node itself can "share" programs. It depends how you want to play it.
However, I had thought that it was like Shrike30 above explains it. The Agent gets "compiled" with a certain number of built-in programs. The program load out cannot be quickly changed (side note: I don't think there are rules on this but I would say Agent Rating minutes would be a good rule). However, the flip-side is that the Agent and all of its "inherent" programs all count as 1 program as far as the Node is concerned. The Agent acts totally independent of the Node, using its own programs and performing its own actions. |
|
|
|
|
May 16 2006, 06:19 PM
Post
#11
|
|
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
I was under the understanding that the agent had to load the program (whip it out, as it were) into the node it was residing in to use it. By extension, I also presumed that an agent running on a node with access to that node's programs could use those programs.
By extension, of course, this means a hacker who broke into a node with admin privileges would be able to use the same BlackHammer program against the security hacker that the same security hacker is using to beat her up. Hm ... |
|
|
|
|
May 16 2006, 06:21 PM
Post
#12
|
|
|
Runner Group: Members Posts: 2,556 Joined: 26-February 02 From: Seattle Member No.: 98 |
It's worth noting that when a "node" isn't something like a drone or commlink (that is, when you're screwing around in a corporate mainframe or whatever) I don't apply the decreasing Response rule to the system you're on. If you can fit a rating 6 commlink, including all of it's memory and chips, into something the size of an iPod, then you can damn sure get enough parallel processors into something the size of a server rack slot that you can run a few programs without slowing down.
I'd probably apply this to characters, too... if they want to drag something that size into a run location, they can have as many programs going as they want. Think about it... if you could smuggle your hardware into their server room, you could have a real party in their node. mdynna: I'm still up in the air as to whether or not Agents count as only 1 rating (Agent rating) program, or the sum of the Agent and it's component programs. This will hopefully get answered in Unwired, but i'm inclined to say that it's actually the sum of the agent and his components. What you gain by running an Agent isn't a massive jump in processor use efficiency (in exchange for the minor drawback of inflexibility)... you gain essentially an NPC running parallel to you, and doubling the number of actions you can take over any given period of time. So, if it were actually Agent+All Programs, people would either tend to built a really tricked out agent, and then upload it to the node (because it makes their commlink draaaaaaag when they fire up their Agent) or have an Agent running (at max) a couple of programs riding shotgun on their own commlink. |
|
|
|
|
May 16 2006, 06:52 PM
Post
#13
|
|
|
Moving Target Group: Members Posts: 371 Joined: 10-January 06 From: Regina Member No.: 8,145 |
Ok, but you're saying that the Agent and all of its programs only count towards your Commlink's limit as long as the Agent is running on the Commlink. As soon as you load into onto the corp computer then it doesn't count anymore?
|
|
|
|
|
May 16 2006, 07:04 PM
Post
#14
|
|||
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Yet, those Programs run on the Agent's System - meaning they don't count to the System limit of the Node the Agent runs on. |
||
|
|
|
||
|
May 16 2006, 07:53 PM
Post
#15
|
|||||
|
Shooting Target Group: Members Posts: 1,754 Joined: 9-July 04 From: Modesto, CA Member No.: 6,465 |
Agents also use the current node's Response rating as their own. This means their System rating <= Reponse, so program caps start happening. |
||||
|
|
|
||||
|
May 16 2006, 07:55 PM
Post
#16
|
|||
|
Shooting Target Group: Members Posts: 1,754 Joined: 9-July 04 From: Modesto, CA Member No.: 6,465 |
So if you've hacked yourself in (Hacking) as a Legit user, wouldn't you start using your Computer Skill to manipulate files your Account has access to? I mean, you could still use Hacking instead, but I'm still lost on how a Node knows your not legit when you are doing legit things with a Hacked account. |
||
|
|
|
||
|
May 16 2006, 08:20 PM
Post
#17
|
|||
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Sure... to the inherited Response of the Agent. |
||
|
|
|
||
|
May 16 2006, 08:35 PM
Post
#18
|
|||
|
Genuine Artificial Intelligence Group: Members Posts: 4,019 Joined: 12-June 03 Member No.: 4,715 |
A node doesn't know you're not legit if you're going legit things with a legit account. If you've logged in using a valid passcode (not hacked in), such as an account you managed to get out of some wageslave, and you're only performing actions that are legit for his account, then you use computer instead of hacking and you're completely unopposed. I'm not understanding something, I think. What exactly is the case you're talking about where the node knows you're not legit? |
||
|
|
|
||
|
May 16 2006, 09:07 PM
Post
#19
|
|||
|
Runner Group: Members Posts: 2,556 Joined: 26-February 02 From: Seattle Member No.: 98 |
If you're hacked in with some account, anything you do that that account should be able to do uses your Computer skill (not hacking) and won't twig any alarms. If you do something that requires you to Hack the computer, it gets a chance to spot you. The advantage to having a high-end account would be that a number of actions become legal, and don't run the risk of setting off any alarms.
Exactly. Hence, why you might want to build an enormously scary Agent, even though it makes your commlink grind to a halt to fire it up... once you've gotten it onto their ginormous hardware, that thing can do a lot more than one you can effectively run alongside of your own processes on your fist-sized computer... you just need to get a chance to upload it. |
||
|
|
|
||
|
May 16 2006, 09:12 PM
Post
#20
|
|
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
From my reading of the rules, it seems that Computer is used for legitimate purposes, and Hacking for things you're not supposed to be doing. Thus, after breaking into a student's commlink, changing their term paper would be Computer + Edit, whereas changing the log file to make it look like you weren't there would be Hacking + Edit.
|
|
|
|
|
May 16 2006, 09:18 PM
Post
#21
|
|||
|
Runner Group: Members Posts: 2,556 Joined: 26-February 02 From: Seattle Member No.: 98 |
Perfect example. Now, if you had Admin access to his commlink (for whatever reason... I often simply say that "dumb" objects like commlinks aimed at the average joe won't even have some of the higher-up access levels), changing that log could very well *not* be Hacking, assuming that Admin-level users are supposed to be able to change that log. Be very careful what you give different user-levels permission to do. I find it comes in handy to have a notecard handy where I've jotted down what the "typical Security user" or whatever is capable of doing on a system. |
||
|
|
|
||
|
May 16 2006, 09:33 PM
Post
#22
|
|||
|
Moving Target Group: Members Posts: 371 Joined: 10-January 06 From: Regina Member No.: 8,145 |
Ok, and while you are trying to get that big fat Agent onto the target "mainframe" you have a big performance hit. Like if you have 6 programs running, then start up a fully-loaded Rating 6 Agent. You now have 13 (6 yours + 6 Agent's + Agent itself?) running, meaning -2 Response. The rules for changes in Initiative say that this -2 takes effect immediately and would remain in effect until the next Round. Getting the Agent onto the target Node would be 2 Complex Actions. One to load the Agent, one more to transfer it from your Commlink to the host. Here's something interest I just thought of: what about when if you set that Agent to run independantly? Would it need to validate its own account on the target system, or would it continue to use the one your Persona hacked in with? |
||
|
|
|
||
|
May 16 2006, 09:51 PM
Post
#23
|
|||||
|
Shooting Target Group: Members Posts: 1,754 Joined: 9-July 04 From: Modesto, CA Member No.: 6,465 |
There are few great examples here that touch on what I am mentioning. Once inside (hacked or otherwise) if a Node scans your every move you'd be fine as long as you are continuing to use you Computer skill or preform legit actions appropriate to the account you've hacked. Once you starting using your Hacking skill, I can see where the Node Analyze would become a problem. Maybe it's not stated in SR4 in those exact terms, but it took me a while to dig it out for myself. |
||||
|
|
|
||||
|
May 16 2006, 10:33 PM
Post
#24
|
|
|
Moving Target Group: Members Posts: 371 Joined: 10-January 06 From: Regina Member No.: 8,145 |
I think what's going on here is that people have different ideas about what constitutes a "legit" user. I think the interpretation that most people (including myself) take is this: once a Hacker has sucessfully beat the Firewall (+ whatever modifiers) threshold for their desired access level then they have effectively "stolen" a legitimate user account for that access level. If the Hacker didn't raise an alarm when breaking in they should be able to take whatever actions the GM deems are allowed for that user level on that system, and use their Computer skill to perform them.
As soon as they wish to do something that is not permitted by their current user level they switch to using the Hacking skill. In Shrike30's example, he is having the System (and any patrolling IC) make rolls to detect the Hacker every time one of these actions is taken. I would also say that if the Hacker raises an alarm on the way in then the system and/or IC start to scan everything that is going on in the system because they are "pretty sure there is an intruder somewhere." All of these rules seem fairly reasonable to me. The Hacker basically has to decide on a greater chance of raising an alarm while breaking in (going for higher access), or chancing the rolls while they are in the system. The decision should probably be based on what they expect to be doing while they are in the system. |
|
|
|
|
May 16 2006, 10:36 PM
Post
#25
|
|||
|
Shooting Target Group: Members Posts: 1,754 Joined: 9-July 04 From: Modesto, CA Member No.: 6,465 |
Nice Summary. Thanks everyone for the feedback here, it's been really helpful for me and my group. |
||
|
|
|
||
|
|
Lo-Fi Version | Time is now: 11th June 2025 - 09:25 PM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.