User Accounts and Stealth Progs, Stealth Hides What? |
User Accounts and Stealth Progs, Stealth Hides What? |
Dec 9 2009, 09:03 AM
Post
#1
|
|
Moving Target Group: Members Posts: 118 Joined: 9-February 09 From: F.R.F.Z. C.A.S. Sector Member No.: 16,861 |
Oi Chums,
Say I had a node with 3 user accounts, 1 Security account and no Admin accounts and everyone who was supposed to be there was logged in. A Hacker beats my Encryption, disarms my Data Bomb and logs on with a User account. I would know that there is a hacker because there was one to many accounts active or would I? Would the Stealth program hide both his Icon and the Log account requiring me to make a Matrix Perception check? |
|
|
Dec 9 2009, 09:18 AM
Post
#2
|
|
Runner Group: Members Posts: 2,899 Joined: 29-October 09 From: Leiden, the Netherlands Member No.: 17,814 |
Oi Chums, Say I had a node with 3 user accounts, 1 Security account and no Admin accounts and everyone who was supposed to be there was logged in. A Hacker beats my Encryption, disarms my Data Bomb and logs on with a User account. I would know that there is a hacker because there was one to many accounts active or would I? Would the Stealth program hide both his Icon and the Log account requiring me to make a Matrix Perception check? As long as his Stealth functions, you wouldn't realize that there's a user too many (or more than one user logged in under the same account.) |
|
|
Dec 9 2009, 09:32 AM
Post
#3
|
|
Moving Target Group: Members Posts: 118 Joined: 9-February 09 From: F.R.F.Z. C.A.S. Sector Member No.: 16,861 |
Oi Ascalaphus,
Thanks. Just wondering. I was checking Unwired under System Topology and Limiting Account Privileges. Could I then use a Matrix Perception on the Account Log to notice the Intrusion? |
|
|
Dec 9 2009, 09:55 AM
Post
#4
|
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Actually, if you monitor account usage and he uses an actual account, you would indeed know.
Normal hacking, however, won't result in an actual account, just the privileges equivalent to such an account. |
|
|
Dec 9 2009, 02:59 PM
Post
#5
|
|
Moving Target Group: Members Posts: 159 Joined: 30-October 09 From: Roseville, MN Member No.: 17,823 |
Actually, if you monitor account usage and he uses an actual account, you would indeed know. Normal hacking, however, won't result in an actual account, just the privileges equivalent to such an account. QFT. It's a different story if he used lead-pipe hacking ("Give me your username and password or I beat you with this lead pipe") in which he is using an actual account on the node. That you could track using this system...but a standard hack (without the lead pipe) is finding an exploit in the system that gives you those access priviliges without actually making an account. |
|
|
Dec 9 2009, 09:50 PM
Post
#6
|
|
Moving Target Group: Members Posts: 557 Joined: 26-July 09 From: Kent, WA Member No.: 17,426 |
It would be reasonable to assume the system would flag a duplicate login, either denying access to the new user or booting the old one.
I tend to assume lots of the details like this are covered in the analyse/stealth arms race and just let the dice handle it. The PCs are coming up with cunning tricks, but so are the opposition. If you really enjoy that sort of micromanaging, or if you have a lot of RL computer security specialists at the table, go for it...but I try to keep it simple to stop the matrix stuff from taking over the whole game, especially since it generally splits the party. |
|
|
Dec 9 2009, 10:35 PM
Post
#7
|
|
Runner Group: Dumpshocked Posts: 2,946 Joined: 1-June 09 From: Omaha Member No.: 17,234 |
Actually, if you monitor account usage and he uses an actual account, you would indeed know. Normal hacking, however, won't result in an actual account, just the privileges equivalent to such an account. Which if someone is actively monitoring the security log they might see the errors and other problems associated with those privledges not being tied to a valid account at least when they start to do actions that affect the node. |
|
|
Dec 9 2009, 11:24 PM
Post
#8
|
|
Moving Target Group: Members Posts: 492 Joined: 28-July 09 Member No.: 17,440 |
It would be reasonable to assume the system would flag a duplicate login, either denying access to the new user or booting the old one. deny the new one entry QUOTE p110 Unwired Copied Agents and IDs Note that when an agent program is copied, the access ID built into the agent is copied as well. This means that any copies of the agent will have the same access ID. This is not a problem when a hacker is running such copies simultaneously from his persona (as his access ID is used in that case), or if the copies are operating autonomously in independent nodes. If a copy tries to access a node on which an agent with the same access ID is already running, however, the node will automatically refuse ac- cess (even if the agent tries to hack his way in, the attempt will automatically fail). This security feature both deters piracy and prevents mass invasions by agent mooks (the so-called “Agent Smith” scenario). A copied agent may be patched in order to give it a separate unique access ID with a Logic + Software (Rating x 3, 1 week) Extended Test. I believe the same can be assumed for all access IDs as there is no real distinction between an agent's ID and a persona's other then it's origin. QUOTE p225 SR4A Authorization and Authentication In order to allow you access to anything beyond a public account, the node must be given three things. The first is your access ID, which is automatically given when you log on. Second, the node must have your access ID associated with an access level/account privileges (for example, your soycaf dispenser will have your access ID on a list that shows that you have an admin account on its node); this is called authorization. Third, you must have some way of proving you are the person who has the authorization in question; this is authentication. There are a number of methods a node can employ to authenticate users. For low-security nodes like can openers or corporate restrooms, the access ID alone is enough. A node could demand a basic passcode before permitting entry. Basic passcodes consist of sets of symbols that you enter to log on to a node. The most common passcodes are alphanumeric strings, but thanks to augmented and virtual reality, passcode “symbols” can... Basically as I read this, to get into someone else's account, even if obtained by social engineering, you have to first spoof your Access ID to match, otherwise it's like trying to log in with the wrong username. I figure most groups probobly don't even bother with the Hacking + Software(2) test when doing this and just assume they log in with that ID. However this makes it so that if that user is currently on the hacker can't log in, or if the hacker is in the actual user can't log in. A fun thing to play with really. User: "Hey, is this tech support? I seem to be having trouble logging in. I'm using the right password and everything." Security Spider: "Whats your Access ID sir?" User: "1234567890" Spider: "According to this you're already logged in." User: "Well I'm NOT." Spider puts user on hold to check it out. |
|
|
Dec 9 2009, 11:46 PM
Post
#9
|
|
Moving Target Group: Members Posts: 588 Joined: 26-February 02 Member No.: 227 |
Which makes me wonder why most of the stuff you and I own would even HAVE accounts. I suppose it needs to so other stuff can pass it info (your smartgun needs an account on your image link, etc) but for some things, limiting it to just an admin account almost makes sense.
|
|
|
Dec 10 2009, 12:08 AM
Post
#10
|
|
Runner Group: Dumpshocked Posts: 2,946 Joined: 1-June 09 From: Omaha Member No.: 17,234 |
You don't need accounts to pass traffic, the joys of mesh technology
|
|
|
Dec 10 2009, 12:37 AM
Post
#11
|
|
Runner Group: Members Posts: 2,899 Joined: 29-October 09 From: Leiden, the Netherlands Member No.: 17,814 |
It would be reasonable to assume the system would flag a duplicate login, either denying access to the new user or booting the old one. Many contemporary network-based systems currently allow the same account to be logged into different terminals. It's not guaranteed this will change in the future; occasionally it has it's uses. (A "generic client" visitor account, for example.) As for the Agent Access ID: it looks like a desperate rules patch. What if the agent spoofs his Access ID (instead of a peculiarly labourious software change)? |
|
|
Dec 10 2009, 02:23 AM
Post
#12
|
|
Moving Target Group: Members Posts: 492 Joined: 28-July 09 Member No.: 17,440 |
Preceding paragraph says it can be but it has to be done as it's being loaded. Once it's running it cannot be changed. This means an agent can't change their own access ID, but you are free to.
|
|
|
Dec 10 2009, 02:33 AM
Post
#13
|
|
Moving Target Group: Members Posts: 588 Joined: 26-February 02 Member No.: 227 |
You don't need accounts to pass traffic, the joys of mesh technology I meant to pass info the destination could use. If your smartgun doesn;t have an account on your vision link, how does the link know to display the data its sending, instead of every other bit of data zooming through the air? Many contemporary network-based systems currently allow the same account to be logged into different terminals. It's not guaranteed this will change in the future; occasionally it has it's uses. (A "generic client" visitor account, for example.) Heh, I do that in the computer lab here at school. Log in to two comps side by side, and multi-task like a fool. |
|
|
Dec 10 2009, 02:33 AM
Post
#14
|
|
Street Doc Group: Admin Posts: 3,508 Joined: 2-March 04 From: Neverwhere Member No.: 6,114 |
|
|
|
Dec 10 2009, 02:42 AM
Post
#15
|
|
Moving Target Group: Members Posts: 266 Joined: 21-November 09 Member No.: 17,891 |
QUOTE (Unwired, p. 110) Copied Agents and IDs Note that when an agent program is copied, the access ID built into the agent is copied as well. This means that any copies of the agent will have the same access ID. This is not a problem when a hacker is running such copies simultaneously from his persona (as his access ID is used in that case), or if the copies are operating autonomously in independent nodes. If a copy tries to access a node on which an agent with the same access ID is already running, however, the node will automatically refuse ac- cess (even if the agent tries to hack his way in, the attempt will automatically fail). This security feature both deters piracy and prevents mass invasions by agent mooks (the so-called “Agent Smith” scenario). A copied agent may be patched in order to give it a separate unique access ID with a Logic + Software (Rating x 3, 1 week) Extended Test. Whoever wrote that passage has clearly never used UNIX. It's not only possible to log in multiple times as the same user, it's extraordinarily useful. |
|
|
Dec 10 2009, 02:54 AM
Post
#16
|
|
Runner Group: Dumpshocked Posts: 2,946 Joined: 1-June 09 From: Omaha Member No.: 17,234 |
Well to be fair this is clearly something done froma game balance perspective and not a actual computer use. If your trying to work matrix tech from a real world computer perspective your just going to give yourself a headache.
|
|
|
Dec 10 2009, 10:51 AM
Post
#17
|
|
Runner Group: Members Posts: 2,899 Joined: 29-October 09 From: Leiden, the Netherlands Member No.: 17,814 |
Well to be fair this is clearly something done froma game balance perspective and not a actual computer use. If your trying to work matrix tech from a real world computer perspective your just going to give yourself a headache. It would have been nice if it didn't directly contradict realistic technology though. The kind of limits they come up for game balance all seem haphazard, illogical and easily circumvented. |
|
|
Dec 10 2009, 06:22 PM
Post
#18
|
|
Moving Target Group: Members Posts: 588 Joined: 26-February 02 Member No.: 227 |
Whoever wrote that passage has clearly never used UNIX. Or they didn't assume that The computer OS of 2070 is the same as one made 100 years earlier. Sure, principles of design might not change, but then again, who knows? Also, its a GAME. Lots of stuff gets done for that reason, and as nothing to do with "realism". |
|
|
Dec 10 2009, 07:38 PM
Post
#19
|
|
Moving Target Group: Members Posts: 266 Joined: 21-November 09 Member No.: 17,891 |
Or they didn't assume that The computer OS of 2070 is the same as one made 100 years earlier. Sure, principles of design might not change, but then again, who knows? Also, its a GAME. Lots of stuff gets done for that reason, and as nothing to do with "realism". The fundamental paradigm of modern computing is more is better. That especially applies to internet connectivity. I wasn't assuming that the computers of the future used UNIX, just that you could get away with not realizing how integral multiple connections are if you had only used Windows or Mac OS. |
|
|
Dec 10 2009, 08:25 PM
Post
#20
|
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Just. Don't. Go. There.
|
|
|
Dec 13 2009, 04:56 PM
Post
#21
|
|
Prime Runner Ascendant Group: Members Posts: 17,568 Joined: 26-March 09 From: Aurora, Colorado Member No.: 17,022 |
Whoever wrote that passage has clearly never used UNIX. It's not only possible to log in multiple times as the same user, it's extraordinarily useful. In fact, I do it all the time on a Unix System... Unfortunately, our system architecture is changing, and the new environment does not allow this... it is quite frustrating... Keep the Faith |
|
|
Lo-Fi Version | Time is now: 29th April 2024 - 12:55 AM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.