Designing a Computer System to Hack, Help for a newer GM Options

[Dewar]

I'm not a total newbie when it comes to Shadowrun 4th ed, but this is the first game I've run where hacking is being emphasised, and I want to get it right. Here's how I've designed my network.

The building has two machines directly connected to the Matrix, one which is a fairly average system that all the normal traffic goes through, and the other that's a VPN to the regional office, so it's subscribed only to the regional office's computer. Both of those connect to a central system where all of the various user machines and file servers and what not connect together. Finally, there's a security computer connected to that which is in turn connected to all the cameras and door locks.

So for each of these nodes, what stats do I need to list? Obviously they'll each need a Response, Firewall, and System stat. What other things do I need? I want this to be a pretty easy target since this is their first run, but I also want that VPN server to be tempting, and to swat down anyone who's feeling overconfident.

[knasser]

First, I better caveat that you could get four different answers from three different people to your question. The below is my version of what I think you want. Others might do it differently, but the below doesn't have any house rules in it, it's strictly RAW. And I think it would probably be about right for a starting, non min-maxed hacker, representing a small corp. Swap the IC on the regional sub-system node for something more direct if that suits you better. And you might want to add an Armour program if you feel it's too vulnerable. I would run a sample encounter between the PC and that node / IC to see if it hits the balance that you want.

Hope this is helpful,

-K.

There are four nodes in total. I list these as follows:

Node 1 - Matrix Gateway (System 3, Response 3, Firewall 3):
Purpose: A chokepoint system that guards remote access to the internal systems of the site and manages all external connections.
Accessibility: This node has a matrix address tied to the company and can be located on the matrix with a "Easy" Data Search roll - Data Search + Browse (2, 1 minute). The node can be accessed wirelessly from within the building.
Matrix / AR Imagery:

Agent (Pilot: 2, Analyze 1):
A user-interface system operates on this node to deal with visitors, i.e. take messages for the company, direct people to the appropriate person for their enquiry, etc. In VR, it takes the image of a japanese elf in a crisp, tight suit. The corporate logo glitters in gold on her lapel and her face is VR perfection. It is capable of holding moderately sophisticated conversations in areas of its expertise. If unable to deal with a visitor, it will contact a (meta-)human for assistance.
The agent will approach any visitor to the node that it detects with a matrix perception test (Pilot Rating + Analyze vs. Hacking + Stealth). If "killed", the agent will be restarted later.

Node 2 - Office Network (System 4, Response 3, Firewall 2):
Purpose: The mesh of terminals and servers in the office which the employees use for their day to day work. All the systems comprise one big integrated node. Logging on to almost any terminal in the building is logging onto this node.
Accessibility: This node has no direct external access to the matrix. It is subscribed to both the gateway node (Node 1) and the Regional Office Sub-System (Node 3) and can be accessed from both of these. Note that user accounts gained from hacking Node 1 are not necessarily valid for Node 2, meaning it has to be re-hacked. However, the reverse is not true.
Matrix / AR Imagery:


IC (Pilot 2, Analyze 2, Attack 2, Armour 2):
The purpose of this IC is to investigate and deal with any unauthorised intruders on the network. It is normally inactive and will only be triggered if the node itself detects an intruder or if it is approached / attacked by an intruder. After doing so, it will remain on alert for up to an hour, investigating any other intruders. Note that when the IC activates, this reduces the node's repsonse time to 2. The IC will not pursue users beyond the current node, but it will send an alert to it's masters if left active after a confirmed encounter with an unauthorised user.

Matrix / AR Imagery: This is a standard off-the-shelf Renraku "White Samurai" package. The corp haven't even modified the standard oriental swordsman imagery or gleaming white colour. If an AR user is attacked, he will likely see diagnostic and security messages flashing across his interface.

Node 3 - Regional Office Subsystem (System 4, Response 4, Firewall 3):
Purpose: This node is a sub-system of the remote, regional office system. For practical purposes it is part of another system and acts as a choke-point preventing unauthorised access or usage by ordinary employees.
Accecssibility: This node is accessible only from the remote regional office and the internal network. It is not directly accessible wirelessly. That is not to say that a user could not be connected to the system through a wireless commlink, but that they would be connected first to Node 2 and then make their way from there to Node 3. A user account valid for Node 2, is not necessarily valid for Node 3, meaning that the node must be hacked independently of any previous successful hacks into Node 2. The reverse is not true, however, should a user enter from the regional office.

IC (Pilot 4, Analyze 4, Stealth 5, Track 3):
The security of this node is important and it is not sufficient to merely boot off an intruder. Instead, it is necessary to locate and investigate the intruder. The IC on this node is active, but will normally be running on Stealth and Analyze. On detecting an intruder (whether through it's own analysis of subscribed users or through the node going on the alert), it will load the Trace program from a data store in the node itself. This can alert savvy hackers who notice the sudden degredation of the node's response time but did not detect the IC on entering.
The IC attempts to locate the user with an extended Track test (SR4, pg. 219). If the user is connected to a physical location off-site then either corporate security or Lonestar will be passed the details. If the user is located within the premises then details are immediately passed to the security systems. In all cases, information is preserved for future investigation.
If detected, the IC has a visual representation as a grey-clad electro ninja.

Node 4 - Security System (System 2, Response 2, Firewall 4):
This node controls the security cameras, door locks, etc. throughout the site. It only has Security and Admin levels of access, meaning any hacking attempt must accept these penalties. Individual cameras, doors, etc, can be attacked on their own of course, but access to the security node is the real prize.
There is no IC on the security node, but it is frequently interacted with by the security staff, so care must be taken not to take any actions that will alert those using it. E.g. Edit actions should be taken to pass false images back to the terminals in the security office, so that cameras that are turned off continue to appear to function, etc.
Accessibility: The node is accessible wirelessly throughout the site, but has no direct connection to the other nodes.

[bait]

If your really sneaky you don't connect the security systems to a matrix active box, instead it operates on a wired PAN and setup to be rigged by security riggers.

[Dewar]

[FriendoftheDork]

Hey would't the gateway node also need an Analyze program of it's own to detect someone hacking in? Rating 3 at least! Otherwise, almost any hacker can come right in and wreak havoc on their "webpage".

[knasser]

[GrinderTheTroll]

[sunnyside]

Ok I'll try and write something later when I have time. But I warn you that the archtype hacker from the book (the erratad one anyway) will blow right through the regional node knasser proposed if they probe and without analyze loaded it'll be pretty trivial to hack on the fly (even if the IC implies it has analyze 2 it'll still be pretty trivial).

And node 4 either has a typo or isn't a legal set of values (firewall higher than system).

Also note that to a high degree SR4 is trying to do away with chokepoints. I believe this largely to be because since the beginning people have been complaining about other players going out and getting a pizza while the hacker does their thing, and we've never really stopped.


Anyway the current RAW/FAQ interpritation is that if a device has accesses the matrix, than the matrix has access to it. So while a security camera isn't directly hackable because it isn't on the matrix proper, if somebody is accessing the matrix via their comlink through servers X, Y and Z a hacker could hack them directly from the matrix. Hence why so many corps use RF paint and the like to isolate regions of their offices from the matrix proper. (Also I'm betting being disconected from the matrix often increases productivity :P )

So here would be my take on the system. Uh, later gotta go.

[Dashifen]

[deek]

I think for a beginning hacker group, knasser has a solid setup for you. Whether or not a hacker will rip through to the regional office or not, isn't a big deal, IMO. If you want to make that regional node "off limits", just make it a higher rating node and a ton of IC. That way, if your hackers try to enter that node, you just brute force them out...

[sunnyside]

Ah yes I forget that the FAQ occasionally has functional errata.

Anyway what my convoluted post back there was trying to say is that when making matrix systems it plays better on the table to have simpler topology. The system "helps" with this by not having true firewalls in the classic sense of the term where you have a "chockpoint" type system. You only kinda get one system in the way of users. And then only if your player doesn't know the AID of any system on the other side, because to sniff traffic they have to have hacked into a node it's going through.

Instead if you want to recreate the feeling of a VPN I'd suggest using the clear as mud encryption guarding IC on page 225. I have IC like that babysit data streams and let it make a matrix perception test whenever someone interacts with that data stream (such as decrypting).

[Jaid]

[knasser]