 Matrix involvement in your sessions: for dummies. |
  |
 Apr 11 2007, 05:54 PM
Post
#26
|
|
|
Cybernetic Blood Mage  Group: Members Posts: 3,472 Joined: 11-March 06 From: Northeastern Wyoming Member No.: 8,361  |
( 1 ) Its a matter of debate and the answer depends on how different people tend to view the Matrix. Personally I'd say that as a good rule of thumb the more secure/important the data was the deeper the node it was on will be buried inside the network...
( 2 ) Well, in my games is goes like this: Normal Access lets you do anything that a typical employee is allowed to do on that Node. You can access data, run 'worksafe' programs freely, ect... Security Access is usually reserved for the Security Deckers/IT Guys, they can help Normal Users reset their Password, scan the security logs, ect... Admin Access is basically big brother, they can do everything, including changing the internal settings of the physical computer that runs the Node. So if all a Decker wants to do is look up a plate number then yeah, Normal Access will do just fine, but if he needs to start turning off security camera, motion sensors, ect then he'd need at least Security Access if not Admin... ( 3 ) Well personally I use the Stat & Skill tables as a guideline, with 3 being 'average' and 7-8 only appearing in nova-hot R&D milspec labs, or in an AI's personal mainframe... |
 |
 
|
|
Apr 11 2007, 05:59 PM
Post
#27
|
|||
|
Genuine Artificial Intelligence Group: Members Posts: 4,019 Joined: 12-June 03 Member No.: 4,715 |
It sounds like you're coming at it from the wrong direction, IMO. Then eliminate user level access and require them to get security level, not the other way around. Lots of devices have admin level access only. Most devices that are designed to have only one user/operator, for instance. Many devices will also have security level access, for those times when you want the user(s) to be able to do mostly everything, except for a few features you want to restrict to just one or two admins. Finally, large systems, such as hosts, that need limited access for lots of users have the user level. *This is all in my game, of course, and by no means official. I have no book quotes to back this up, it's just the way I do things.* So if the system involved is, for example, a dedicated security network, it will have no user access. It's not designed to have lots and lots of users, and the restrictions that go along with that make it harder to crack. Thus, there is only security and admin levels. Just about everyone who uses this system has security access. It lets them look at cameras, lock and unlock doors, command drones, etc. One or two people have admin level access that can lock out security level users and change fundamental system configuration. Another example: Commlinks. The primary user of commlinks have admin-level access. There are security and user level accounts, but they do almost nothing. They let you look at your commlink's "myspace" page, and whatever other little bits you want to show any random person that finds you interesting. The security level account lets the cops check your ID, but neither account is very useful for a hacker, so for commlinks the admin account is the only one that matters. Another example: Smartgun system. Admin only. There is no security or user level. |
||
|
|
|
||
|
Apr 11 2007, 06:53 PM
Post
#28
|
|||||||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
Note: these are my answers to these questions.
However the GM wants the node to be designed. For example, the devices in a person's PAN are generally subscribed to her commlink. In a recent adventure, there was an NPC who was wearing fake cyberware, which was subscribed to a commlink (full of nasty) which was in turn subscribed to the guy's commlink (which was normal). In our example, the run was on a small business, so everything was subscribed to the same node. I like to use the metaphor of a node being a secure building, where the guards are the IC, and the Firewall and Analyze are the security systems. Choosing how much one node has in it is like deciding how many layers of physical security you want in your building. The NPC above is like a castle with an outer and inner curtain. The small business was more like an ATM shelter in a mall parking lot.
Again, it's up to the GM as the designer of the node. Permission to do different things with the commlink is different for each device, depending on its design goals. For example, a fixer's commlink may require admin access for sending messages, but a public access terminal would allow it at user access.
I use the cost jump for electronics that exists between Rating 3 and Rating 4 and the table on page 214 of your hymnal as a base. If the node is "more secure," I add 1, and if it's "a lot more secure," I add 2. I remember that only hardcore, Kuang-level scary stuff is Rating 7, and most military-grade stuff is 5. Even a rating 3 node can be effective if it's got IC patrolling, and downright impenetrable if there's a spider in the web. Remember that hacking a node is mostly a stealth game, for nodes that are worthwhile. Back to the building metaphor, one could easily storm and control a village cottage (Rating 2 or so), but the same trick wouldn't work at a military base (Rating 5). Another thing to remember is that anything you throw at players can be thrown back. When we first took SR4 out for a spin, I played a hacker. The GM took one look at my Rating 5 everything and made the first node we bumped into Rating 6. I "probed the target," and got in with admin access after a number of hours. Then, after a long stretch of breaking of copy protection, I took copies of all the nice Rating 6 programs the node was running, netting me tens of thousands of nuyen worth of software. |
||||||
|
|
|
||||||
|
Apr 11 2007, 07:02 PM
Post
#29
|
|||
|
Shooting Target Group: Members Posts: 1,706 Joined: 30-June 06 From: Fort Wayne, IN Member No.: 8,814 |
1) Honestly, that is all up to you, as the GM. I've had buildings all run off one node and other buildings run off a node for each floor. I've done runs where there was a dedicated node for security access (doors, elevators, temperature controls) and a separate node for data storage. I like to keep changing things for my players so they don't always do the same things in every matix run. Sometimes I might make a node only accessible from a certain location or force the hacker to directly access it via wires...so really, those choices are all up to you and the specific system. I'd recommend keeping it changing just so you are not boring the players or yourself with every matrix run. 2) Again, I think this is all individual, to both the GM and the system. Realize, that with any type of access, a hacker can do anything, its just a matter of whether it is a legitimate action that won't cause the system to think twice or an illegimate action that may cause the system to take actions. Most of the time, if I put a system into a run, I know ahead of time the types of information that I will allow/disallow for certain access types. The rest of the time, I just judge based on my own reasoning. You never have to worry about admin, as they have access to the entire system (granted, that doesn't mean every node can do EVERYTHING, so there could be limitations on a node and no matter what access, the hacker just can't do something). So really, you are just wanting to decide what the difference is between normal and security users. Sometimes one or both of them will not even be available...again, it comes down to how you want to handle it and will differ in each system/node, so there really isn't a wrong answer! 3) Personally, I start everything as a rating 3...programs, IC, everything. If I have a special node for a specific run and pre-plan everything, then I will vary things, but for most on the fly hack jobs my group will throw at me, I just stick to 3s across the board. If I feel the node is really insignificant, with little to no paydata, I'll drop it to 1. And if its something that I think is important, then I will up it to a 4, 5 or 6, but the vast majority, unless I have something specific planned, I stick it at 3. |
||
|
|
|
||
|
Apr 11 2007, 07:13 PM
Post
#30
|
|
|
Moving Target Group: Members Posts: 398 Joined: 16-August 06 Member No.: 9,130 |
This is a great topic. It has helped clear up some things for me. I do have some questions about the PAN though.
There is a group of 5 Shadowrunners. They each have a commlink and there is one hacker in the group. All of the Shadowrunners subscribe only to the hackers commlink and the hacker's commlink is set to forward traffic to the other shadowrunners commlinks that are subscribed to his. So in order for commlink A to speak to commlink B it first must talk to the hacker's commlink and then the hacker's commlink forwards the traffic to commlink B. The hacker's commlink is working like a centralized server or router in this case. Someone tries to hack into commlink A. Obviously commlink A gets to analyze for any hacking attempts, but does the hacker's commlink as well. Would he be considered a security spider on this network. What about the other commlinks on the PAN? If all of the commlinks were instead subscribed to each other would they get to analyze as well? What about any IC that is running on someones commlink? Could it patrol the whole PAN, or just the commlinks? Would the whole PAN of shadowrunner's commlinks be considered it's own node? |
|
|
|
|
Apr 11 2007, 09:07 PM
Post
#31
|
|||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
The way I run it is the team's commlinks become part of the hacker's PAN, assuming that they are all set to send and receive no traffic except to and from the hacker's commlink. Each team member's commlink counts against the hacker's subscription limit, and the connection to the hacker's commlink counts against a team member's subscription limit. This is basically a form of slaving that my group has come up with. The concept is mentioned in the FAQ, but is neither elaborated upon nor put forward as an official rule, only acting as a foreshadowing of content in upcoming material. The official rules as currently written state that any device can be hacked if one is within Signal range, regardless of subscription or slaving (as it stands, subscription merely means that one need not spend a complex action to log on). As such, I personally only use the house rule for slaving above in home games, and leave it at home when I'm running games at conventions or at my FNGS. |
||
|
|
|
||
|
Apr 11 2007, 10:54 PM
Post
#32
|
|||
|
The Dragon Never Sleeps Group: Admin Posts: 6,924 Joined: 1-September 05 Member No.: 7,667 |
It's wireless though, all a hacker has to do is spoof as commlink A in order to Hack B. Regardless of how kickass commlink A is, Commlink B only has it's rating and programs to use to defend itself. And the only way to get around this problem is to do callbacks, which increases the traffic enormously. So you can be secure, but at the expense of slowing down your system tremendously. |
||
|
|
|
||
|
Apr 12 2007, 01:17 AM
Post
#33
|
|
|
Cybernetic Blood Mage Group: Members Posts: 3,472 Joined: 11-March 06 From: Northeastern Wyoming Member No.: 8,361 |
Which is why smart runners will only network their PANs when they absolutely have too and otherwise will run silent. After all, a the best Decker in the sprawl can't deck his way into a PAN that is only answering via skinlink...
|
|
|
|
|
Apr 12 2007, 01:51 AM
Post
#34
|
|||
|
Running Target Group: Members Posts: 1,251 Joined: 11-September 04 From: GA Member No.: 6,651 |
1) Its virtual, so up to the designer. Any time you have something super sensitive you may want to alter the signal strength, hardwire it, etc. Each layer of this security onion, so to speak, should be a seperate node for best effectiveness. So in the examples above where the security node is should be hardwired, not wireless, and on a node. The data should be on a hardwired node, and the wireless access should be on a regular wireless node with only as much signal rating as appropriate... and using antiwireless paint as appropriate to contain the signal. Will that stop a determined hacker/TM? Heck no, but it'll make them WORK for it... :-) |
||
|
|
|
||
|
Apr 12 2007, 01:22 PM
Post
#35
|
|||
|
Shooting Target Group: Members Posts: 1,706 Joined: 30-June 06 From: Fort Wayne, IN Member No.: 8,814 |
The way I have run this, is basically, the group ends up with one node. So, I am abstracting the whole situation due to the subscriptions. So, no one really could hack any of the non-hacker's comms because they are all subscribed to the hacker's commlink. And therefore you end up with not 5 separate nodes, but one node, based on the hacker's comm and then after hacking into it, gain access to the other commlinks... I don't think there is anything specific in the book about this, but it did seem to make me think that subscribing to devices really changed the way the network reacted. It has worked for me so far and I have even considered having individual nodes inside the group node for each comm, which still needs the spoofing and so forth to access it, but that is just adding another layer (and difficulty), which may or may not be needed for each situation. But, I think by abstracting the groups comms into one node, stays in line with the rest of SR4 and just keeps it all simple. |
||
|
|
|
||
|
Apr 12 2007, 02:04 PM
Post
#36
|
|
|
The Dragon Never Sleeps Group: Admin Posts: 6,924 Joined: 1-September 05 Member No.: 7,667 |
Little old barely useable Commlink B has been told to slave itself to Super Cool Hacker Commlink A and only listen to remote connections and commands from Super Cool Commlink A. Evil Hacker Commlink C sniffs the wireless traffic, and through it's super spiffy Decryption, Scan and assorted nasty tricks figures out enough information to Spoof.
Commlink B gets a message! "Hi, I'm Super Cool Hacker Commlink A, could you please shutdown device X ?" How does Little old barely useable Commlink B tell whether or not the wireless message is really from Commlink A, or Commlink C? Especially if Commlink B has received in that message the appropriate passphrases and codes, which is what a successful Spoof does (As well as a perfectly normal message from a subscribed device). |
|
|
|
|
Apr 12 2007, 02:40 PM
Post
#37
|
|
|
Runner Group: Members Posts: 2,925 Joined: 26-February 02 Member No.: 948 |
A somewhat important note regarding the ever popular ”Spoof” command. The ONLY thing one can spoof are Agents and Drones – Devices like commlinks are right out. See page 224 SR4.
This means that spoofing a commlink that you have legal access won’t work. |
|
|
|
|
Apr 12 2007, 02:48 PM
Post
#38
|
|
|
Runner Group: Members Posts: 2,925 Joined: 26-February 02 Member No.: 948 |
Ah, almost forgot. Subscriptions. Although someone might hack a hackers commlink and gain access to it that does not mean that the attacker has access to the subscribed commlinks that the hacker has connected in his subscription list. Remember, the subscription is two-way in the list and the team might not want the hacker to snoop in their commlinks.
Hacker A has a commlink for pure team communications with “Group” as subscription slot 1 for the entire teams communication – this is a user level access that only allows the teams commlinks to use the commlink as a secure relay for commnications. Each member of the team has a user access as well towards the team commlink which means that none of them have any access to tamper with each others commlinks through the central commnications node. So, if someone hacks one of the members comms they can only gain user access and listen in on the teams communications. If they hack the communications link they can listen in on all the commlinks as one since it functions as a hub but not access to the actual commlinks. |
|
|
|
|
Apr 12 2007, 03:04 PM
Post
#39
|
|
|
Running Target Group: Members Posts: 1,288 Joined: 4-September 06 From: The Scandinavian Federation Member No.: 9,300 |
How do you hack someones bank account? Do you A need his security key (with biometric data) or B hack the bank's system and pretend you got it?
In any case, how hard is it? |
|
|
|
|
Apr 12 2007, 03:23 PM
Post
#40
|
|||
|
The Dragon Never Sleeps Group: Admin Posts: 6,924 Joined: 1-September 05 Member No.: 7,667 |
Perhaps the Intercept Traffic option to insert faked traffic will work instead. |
||
|
|
|
||
|
Apr 12 2007, 04:49 PM
Post
#41
|
|
|
Moving Target Group: Members Posts: 398 Joined: 16-August 06 Member No.: 9,130 |
What about the other question regarding the analyze. Do all devices in the PAN get to analyze a hacker trying to hack another commlink in the PAN. If not by default, could I set my commlink to analyze other commlinks on the PAN.
Just found this SR4 pg. 208 "Many parts of the Matrix are open to public access, just like a web page—anyone can go there and view the contents. In order to enter some nodes (devices or networks), however— especially private ones—you must actually log in to an account." Notice how nodes are devices or networks. A PAN is a type of network. I am thinking it works exactly the same as if your were in a corporate facility. There is the network the corporate facility has and it consists of it's own node or multiple nodes. Then there are also the individual commlinks of the guards, wageslaves, and security spiders. Why would a network a hacker sets up be any different from one in a corporate facility? He definitely has the know-how and the tools to do it. Can a hacker in a corporate facility individually hack the commlinks of the guards, wagesavles, and security spiders? I do not know the answer to this question. If yes, then that makes things rather simple. If no, then why would a network setup by the team's hacker be any different? |
|
|
|
|
Apr 12 2007, 08:55 PM
Post
#42
|
|||
|
Running Target Group: Members Posts: 1,251 Joined: 11-September 04 From: GA Member No.: 6,651 |
Only things running Analyze get to Analyze. I usually run corporate nodes as running multiple agents that are all actively analyzing and subscribed to each other. They are instructed as a group and if one is spoofed and not the others the others set off an alarm. If you want to analyze in multiple nodes yourself you would need to be inside each of the nodes and spending actions to scan each node individually. This comes at great risk though because if you get attacked in multiple nodes you're screwed. Each commlink is a seperate node. A node can contain multiple devices such as wireless cameras, door locks, etc, and all are behind one commlink. Commlink == node. When two nodes are subscribed they trust each other and allow the exchange of info so a shadowrunner team that has one member with cruddy commlink can get hacked and then all the communications the cruddy one is subscribed to can be messed with, recorded, etc, from the cruddy commlink. Yes, individual commlinks can be hacked. Hacking from the hacked commlink to another one is not the path of least resistance necessarily but it works. This also means running a low signal commlink to hide from corpsec and having high signal drones near you can allow them to hack you through the commlink built into the drones. Hope that helps! |
||
|
|
|
||
|
Apr 12 2007, 10:05 PM
Post
#43
|
|
|
Cybernetic Blood Mage Group: Members Posts: 3,472 Joined: 11-March 06 From: Northeastern Wyoming Member No.: 8,361 |
Which is why the few times I do get to play as opposed to being the DM my Mage makes it a point to geek anyone stupid enough to insists that just because they aren't a Decker they can get by with a crappy link...
|
|
|
|
|
Apr 13 2007, 12:53 PM
Post
#44
|
|
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
Quick note on slaving devices. I just noticed a reference to slaving devices on page 304 of the BBB. My guess is that the concept was intended to be included in the core rules, but was probably edited for space and/or intentionally saved for later books.
|
|
|
|
|
Apr 13 2007, 01:23 PM
Post
#45
|
|||||
|
Moving Target Group: Members Posts: 398 Joined: 16-August 06 Member No.: 9,130 |
If one of the agents is spoofed, how would the others notice unless they succeed in a test to notice the spoof? This isn't something one just automatically knows. Also, to my knowledge there is no possible way to spoof multiple agents at the same time. A spoofed command given to an agent would look as if someone with all of the necessary rights gave the command. Why would an agent put out an alarm against the node itself or a user that gave a legitimate command? |
||||
|
|
|
||||
|
Apr 14 2007, 03:21 PM
Post
#46
|
|||
|
Running Target Group: Members Posts: 1,251 Joined: 11-September 04 From: GA Member No.: 6,651 |
It wouldn't. To prevent an alarm in the event of multiple agents watching each other the spoofed command would also need to go to the other agents as if a group of people were bouncers at a club and a con man had only succeeded against one of the group. FURTHER LOGIC: If all the agents are subscribed to each other they can be assumed to transfer information freely. Otherwise a camera on a smartgun would only have a chance of projecting crosshairs to the image link and an agent ferrying a data stream in courier fashion might be incomplete in its transmission. If the agents have instructions to monitor each other, do not hide from each other, and are transmitting their status to each other then the odd-man-out becomes apparent. THE COUNTER: To spoof multiple agents use multiple agents. Instruct them as to what they are to do and point out their targets then tell them to begin. Swarm on swarm. Using Sprites and having the Sprites suppress an alarm is even more effective since a high enough Data Search and Analyze can make it so blitzing is possible without fear of an alarm... unless the Sprite suppressing the alarm is de-rezzed. |
||
|
|
|
||
|
Apr 14 2007, 04:09 PM
Post
#47
|
|
|
The Dragon Never Sleeps Group: Admin Posts: 6,924 Joined: 1-September 05 Member No.: 7,667 |
Just remember the having all those agents talking to each all the time eats up lots and lots of IPs.
Usually enough to effectively make them useless for anything else. |
|
|
|
|
Apr 14 2007, 04:16 PM
Post
#48
|
|||
|
Running Target Group: Members Posts: 1,251 Joined: 11-September 04 From: GA Member No.: 6,651 |
I agree with this 1000%. |
||
|
|
|
||
|
|
Lo-Fi Version | Time is now: 11th February 2025 - 05:39 AM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.