Intruder Alerts, Who can initiate or stop them? Options

[Odsh]

Is it possible to initiate an alert against a hacker using a (stolen) legitimate account?
Could a hacker with security/admin access rights deactivate an alert on another user? On himself?
Could a hacker with security/admin access rights initiate an alert against another user, for example, a spider? Could the spider deactivate the alert initiated against him?

[Saint Sithney]

Well, what operating system is the node using? I know that ______ OS requires a full restart before any accounts changes can be processed and it checks all changes against the network administrator's system files to make sure the change was authorized.

etc. etc.



In other words, it really depends on how you view network and personal security in your game. In current real world situations, if you get admin access to someone's remote device, you can lock out anyone without physical access and basically claim a device as your own. How this would go down in 60 years is anybody's guess..

As to the first question, if you've got legit, even if it's stolen ID, access to a node's firewall, you can throw it into paranoid and start blocking ports easy as walking in and bolting the door behind you.

[Method]

I would think that in the age of info security any user can "Report a problem". We have that feature right here on this message board. Whether this triggers an alert or not will depend on the node and how its security functions. If its a high security node with a spider on standby an alert may be triggered at the first sign of trouble.

Alternately IIRC you can still "Dump Log" in SR4- basically you wipe the nodes legit subscribers list so that everyone is considered an illegal user. This can level the playing field if you are facing off against a spider, but doesn't make your life any easier.

As far as deactivating an alert- it depends on the account privileges for the node. On some nodes, a security user could do it. On others it might require an Admin. On some it might require an on-site security user, or an off-site admin, or a third party matrix security firm, or two or more security users with the proper passkeys. Or taking the node offline to reboot, or whatever.

[Malachi]

Is it possible to initiate an alert against a hacker using a (stolen) legitimate account?
Could a hacker with security/admin access rights deactivate an alert on another user? On himself?
Could a hacker with security/admin access rights initiate an alert against another user, for example, a spider? Could the spider deactivate the alert initiated against him?

All entirely up to what the GM's thinks is reasonable for the node.

Off the top of my head, lower security nodes will probably have a "super admin" account that can just do whatever it wants, whenever it wants. This is a setup for some company/user that doesn't want the hassle of all of that "security stuff" and "just wants to be able to do stuff." More secure systems that actually have a reasonable chance of being broken into and have to fend of serious hack attempts will have much higher security. For instance, they will have built in "wait periods" for particularly sensitive actions such as altering a Security or Admin account, or shutting down an Alert or IC program. I would think even "light security" systems would "lock out" the actions of any icon that has been identified as an intruder: meaning they could no longer cancel alerts, shut down IC, or anything like that. Basically, the PC is down to using their Hacking skill for everything, opposed by the Node with appropriate Program + Firewall + 4 - an uphill battle.

Bottom line, though: entirely up to the GM.

[kjones]

I would think even "light security" systems would "lock out" the actions of any icon that has been identified as an intruder: meaning they could no longer cancel alerts, shut down IC, or anything like that. Basically, the PC is down to using their Hacking skill for everything, opposed by the Node with appropriate Program + Firewall + 4 - an uphill battle.

This. If an icon triggers an alarm, regardless of its security access, that node no longer recognizes that icon as a valid user, in whatever form. The intruding icon will have to use hacking to disable the alarm (presumably with Hacking + Exploit with a threshold of Firewall + 4).

[Method]

Yep, thats already built into the rules.