> 3 layers that will make matrix nodes "secure", or at least bothersome to break into
hobgoblin
post Mar 23 2010, 06:02 AM
Post #1


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



i was reading a sidebar in unwired, and it dawned on me that a subscribers list can be used in multiple ways.

first as a way to say who you want to talk to, second a list of who you do not want to talk to.

the latter was mentioned as a way to keep agent hordes out.

anyways, on to my little brain dump.

note btw, that this will not make a node immune, but it will make it more trouble than it's usually worth for any but the most dedicated.

1. hidden mode. Basically, the node is not listed anywhere, it does not route traffic, and is generally a black hole in the matrix.

2. encryption. Sure, encryption is not the silver bullet it is in real life, but it helps. Especially when it's used as a VPN.

3. subscription list. Unless the node is a customer PR node, it should have a very limited list of other nodes it's willing to talk to. Not on that list, you're not getting in, end of story. One thing to note on this step is that unlike a basic traffic sniff on the real internet, you're not given both ends of a connection in SR. Instead, you will have to hack the known node to start a trace for the other end (or did i just dream that? could be it's a SR3 or older thing, hrmf).

end result is that anyone wanting to break into the node will have to first find it, then decrypt access, and finally know the access id of another node it wants to talk to.

at that point, most script kiddies will be off spoofing some vending machine for kicks.
Saint Sithney
post Mar 23 2010, 06:51 AM
Post #2


Runner
******

Group: Members
Posts: 2,705
Joined: 5-October 09
From: You are in a clearing
Member No.: 17,722



Another good option, like in real life, is to not use an admin account except to set initial permissions. There are all sorts of ways a hacker can jam you up with admin access, but if you limit your own permissions to only the type of things you would want to do in the first place, then spoofed commands lose a bit of their bite. They won't be able to slave your devices to their coms, mess with your safe targeting systems or any number of other dirty tricks a guy can pull by spoofing commands from a sniffed out admin account.
Tymeaus Jalynsfe...
post Mar 23 2010, 11:48 PM
Post #3


Prime Runner Ascendant
**********

Group: Members
Posts: 17,568
Joined: 26-March 09
From: Aurora, Colorado
Member No.: 17,022



QUOTE (hobgoblin @ Mar 22 2010, 11:02 PM) *
i was reading a sidebar in unwired, and it dawned on me that a subscribers list can be used in multiple ways.

first as a way to say who you want to talk to, second a list of who you do not want to talk to.

the latter was mentioned as a way to keep agent hordes out.

anyways, on to my little brain dump.

note btw, that this will not make a node immune, but it will make it more trouble than it's usually worth for any but the most dedicated.

1. hidden mode. Basically, the node is not listed anywhere, it does not route traffic, and is generally a black hole in the matrix.

2. encryption. Sure, encryption is not the silver bullet it is in real life, but it helps. Especially when it's used as a VPN.

3. subscription list. Unless the node is a customer PR node, it should have a very limited list of other nodes it's willing to talk to. Not on that list, you're not getting in, end of story. One thing to note on this step is that unlike a basic traffic sniff on the real internet, you're not given both ends of a connection in SR. Instead, you will have to hack the known node to start a trace for the other end (or did i just dream that? could be it's a SR3 or older thing, hrmf).

end result is that anyone wanting to break into the node will have to first find it, then decrypt access, and finally know the access id of another node it wants to talk to.

at that point, most script kiddies will be off spoofing some vending machine for kicks.



Except that Exploits get around such measures (the Subscription List thingy) pretty well... that is why it is an Exploit...

Keep the Faith
Dixie Flatline
post Mar 24 2010, 02:27 AM
Post #4


Moving Target
**

Group: Members
Posts: 110
Joined: 22-February 10
Member No.: 18,190



Yeah, I've pretty much given up on the concept of defense in the Matrix for Shadowrun short of the highest end agents, hardware, and software, as well as a talented (highly talented) spider running overwatch on your system.

The idea that a system administrator (spider) could be sitting in front of his server, someone breaks in, and he can't just shut down the offending user and disconnect the bastard offends me on a conceptual level. That he has to go in and essentially "hack" the opponent is silly. He isn't good enough, he gets dumped, and now suddenly he can't touch the hacker in his system without turning off the entire node.

I also hate the idea that encryption can be hacked in only a few seconds in certain circumstances. I don't see how an online economy could exist or function in a world where data was so vulnerable. The idea that one single set of calculations which can solve immensely complex problems in relatively short time also would have real-world implications in science, mathematics, and economics that would literally change everything. It'd be the universal solvent of mathematical systems.

We hear in fluff about how lethal and protective and uber-secure high end systems are, but you read the stats and really, it's not that way. Someone with a few thousand nuyen comlink can feasibly hack a military grade system, on the fly, with a significant expectation of success. There was a thread in here about how you could run a rating 12 program on a rating 6 system comlink. Anything above 6 is supposed to be bleeding edge state of the art.

The hacking system is broken, and with AR/VR being so integral to ALL characters in 4th, it's impossible to simply kludge the matrix with NPCs like you could in previous editions.

It's an arms race that is permanently skewed in the favor of the aggressor.
Tymeaus Jalynsfe...
post Mar 24 2010, 02:54 AM
Post #5


Prime Runner Ascendant
**********

Group: Members
Posts: 17,568
Joined: 26-March 09
From: Aurora, Colorado
Member No.: 17,022



QUOTE (Dixie Flatline @ Mar 23 2010, 07:27 PM) *
Yeah, I've pretty much given up on the concept of defense in the Matrix for Shadowrun short of the highest end agents, hardware, and software, as well as a talented (highly talented) spider running overwatch on your system.

The idea that a system administrator (spider) could be sitting in front of his server, someone breaks in, and he can't just shut down the offending user and disconnect the bastard offends me on a conceptual level. That he has to go in and essentially "hack" the opponent is silly. He isn't good enough, he gets dumped, and now suddenly he can't touch the hacker in his system without turning off the entire node.

I also hate the idea that encryption can be hacked in only a few seconds in certain circumstances. I don't see how an online economy could exist or function in a world where data was so vulnerable. The idea that one single set of calculations which can solve immensely complex problems in relatively short time also would have real-world implications in science, mathematics, and economics that would literally change everything. It'd be the universal solvent of mathematical systems.

We hear in fluff about how lethal and protective and uber-secure high end systems are, but you read the stats and really, it's not that way. Someone with a few thousand nuyen comlink can feasibly hack a military grade system, on the fly, with a significant expectation of success. There was a thread in here about how you could run a rating 12 program on a rating 6 system comlink. Anything above 6 is supposed to be bleeding edge state of the art.

The hacking system is broken, and with AR/VR being so integral to ALL characters in 4th, it's impossible to simply kludge the matrix with NPCs like you could in previous editions.

It's an arms race that is permanently skewed in the favor of the aggressor.


I do not actually agree with you here, though...

Many of the "rules" in place for the Matrix are there for playability, not reality. If you were to put into place the actual systems for security, you would never be able to play a Hacker/Rigger. Instead, they have provided a framework so that you can secure a system and still have playable hackers.

It really is not that hard to secure a system in the current rules. And ironically, the best way to do so is to do it in layers. Tracking Programs, IC, Agents, Encryption, Data Bombs, Worms and various other things can all be used to place a roadblock to the Hacker in his attempt to dominate a system... Clever use of Layered Nodes, Passkeys, Chokepoints, Verification Systems and such, can extend this out even more. Hell, you can even move permissions from User and Security Access to Admin Access Only if you really wanted, or even move off-node those files that keep track of such things (like your event log) so that it is even more time lost to the Hacker trying to cover his tracks. You can even make a file non-editable (no one has the permissions to change/Delete the file) to stymie those pesky hackers completely in trying to cover their tracks.

A Spider observing his system that detects an intruder CAN just shut out the offending user... if the Attacker is using a legitimate account when he is detected, he can be automatically logged off with no roll whatsoever... if he is using an Exploit, the system can try to oust him automatically once every Turn (contested roll)... this is in addition to having the attacker swarmed with IC or other Agents, attacked by Spiders, and even tracked to his location with 4 or 5 turns at most (that is a whopping 15-20 seconds)...

As for the Uber and High-end Secure systems... many of them are not accessible from the Matrix... which is a form of security in its own right... if you have to physically penetrate a system, it increases the risk, sometimes exponentially. And yes, a hacker can run a rating 12 program on a rating 6 comlink... but first, the hacker has to have access to such a program (even if he can program it himself, it is going to take a great deal of time to do so)... and the GM is perfectly within his right to limit such endeavors to programming facilities in the larger Corporations if that is what he wants to do. On the other hand, that sounds like something that Fastjack could probably do, and as such, maybe a character that has been in the shadows a while deserves such a program... as long as he is not running with a whole slew of programs at such ratings, it is not that big of a deal... After all, a Technomancer can thread to ungodly ratings to perform his shenanigans...

As well... when systems start to accumulate large numbers of programs and personas, it starts to suffer degradation, eventually the system may be forced to re-boot just to clear the electronic log-jam.

You are correct that it is an Arms Race... but I do not agree that it is skewed in the Hacker's Favor... The typical Hacker will never have the resources of a Megacorp. As such, his equipment will generally be inferior to the task in a lot of instances. If your Hacker is running roughshod over your computer systems, maybe you should take a look at your systems.

There are a lot of rules (and optional rules) that can make hacking very difficult to nigh impossible. A Good example, that everyone continues to complain about, is Encryption. You can implement Dynamic Encryption... this alone can cause enough hassles for a Hacker that he may try to defeat this type of system by obtaining an actual encryption key through Social Networking or outright thuggery. Combine it with Strong Encryption, and you now have a system that will probably never be breached by the Typical Hacker running Rating 6 Programs. That is just a single example...

I like the Hacking Rules in play currently. They are a huge improvement over what has come before. Yes, they are not entirely realistic, but that is an inherent design choice. This choice makes playing a Hacker feasible. Implementing Real-World paradigms would effectively kill the Hacker (and Rigger) archetypes pretty effectively... I don't know about you, but I enjoy playing a Hacker a lot...

Just Sayin'

Keep the Faith
DMiller
post Mar 24 2010, 04:23 AM
Post #6


Moving Target
**

Group: Dumpshocked
Posts: 681
Joined: 23-March 10
From: Japan
Member No.: 18,343



I'm afraid I agree with Tymeaus. The RAW have their flaws, but it is still much better than earlier editions. We have had our problems with Matrix and data security. But after a lot of reading and discussions it's working pretty well for our group. Though we do see quite a few non-matrix linked nodes in our games.
hobgoblin
post Mar 24 2010, 05:56 AM
Post #7


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



i guess what one needs to do is consider matrix security like physical security.

if you put your R&D lab downtown with just a rent-a-cop at the door, the runners will be walking in and out all the time.

but put it in a remote location, possibly removed from maps somehow, with a first check point some distance out from the main complex, and out of view of the main complex, with patrolling guards, spirits and para-animals in a zone beyond that. then the inside also has zones of access. Basically it's become a fort. Even if the runners get in, one could lock the place down, and basically wait for them to try and leave.

so, matrix security on same.

remote location, not on the maps: hidden mode and encrypted traffic.

distanced checkpoint: chokepoint node(s).

patrols: agents, spiders.

one thought i had after writing the initial post was this:

have a collection of nodes outside send encrypted data towards the target node. These are nodes whose accessid the target node knows, and will only respond to with canned traffic that will get it nowhere. But the attacking hacker will not know that. So if he is looking for an accessid to spoof, he may well pick up one of these, that are in essence useless.

basically, no security is foolproof, the concept is more of making it bothersome to get in for all but the most dedicated and patient. The rabble will then move on to easier targets.

still, these security measures may well make the game slow down when a hacker wants to penetrate. But then that's why you allow a back door. A physical break-in and a jack point of some sort inside.

oh and btw, SR4 allows the hacker to be simply booted when spotted. But with spoof, he can basically change accessid and come right back.

the only sad thing about SR4 rules is that at this time, there is no real way to trash an attacker's hardware or software
hobgoblin
post Mar 24 2010, 06:04 AM
Post #8


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



oh and btw, the new faq update mentions one time pads still being around, but being cumbersome for general use.

my guess there is that the major economic institutions could be using mutually exchanged one time pads to handle traffic between their back end systems.

heck, i get the mental image of a courier with suit and sunglasses either carrying a case locked to his wrist, or maybe even a cranial storage implant and a bomb of some sort in case of someone attempting to force access.

so, general trading happens over normal channels, but at end of trading day, the various entities involved crack open the one time pads and go over the logged exchanges one more time for verification.

money transfers of various kinds have worked before the net came into existence, so i can't see it all coming to a screeching halt in SR.
MadDogMike
post Mar 24 2010, 04:37 PM
Post #9


Target
*

Group: Members
Posts: 26
Joined: 31-December 09
Member No.: 18,009



QUOTE (hobgoblin @ Mar 24 2010, 02:04 AM) *
oh and btw, the new faq update mentions one time pads still being around, but being cumbersome for general use.

my guess there is that the major economic institutions could be using mutually exchanged one time pads to handle traffic between their back end systems.

heck, i get the mental image of a courier with suit and sunglasses either carrying a case locked to his wrist, or maybe even a cranial storage implant and a bomb of some sort in case of someone attempting to force access.


And cue awesome run idea. Heck, having runners deliver a one-time pad isn't a major security breach if you can rig things to add a step where you confirm it was delivered to the target via contact with said target (i.e. call 'em up, ask "Did you get that thing I sent you?" and only send via one-time if you get confirmation); if the runners or someone else steal the pad, it's useless because you know not to use it. Won't work under all scenarios, but makes a good excuse for runners to be messing with it. Though on the other end of things, messing up delivery of a one-time pad could be a useful method to slow a particular business transaction down you want stalled.

Part of the other reason behind weakened Matrix security is the balance between actual usability and security. According to Unwired if memory serves most researchers/executives want to be able to run wireless within their areas, which is why you tend to get wireless hacking possible once you get past an external wireless block. Then of course there's the obvious issues of having hyper security tag normal users; nothing like black IC wasting a company VP or something to get a security hacker fired (on a rocket, into space...). Considering how computer malfunction and user error as-is, going nuts on security is more likely to hamper normal users than intruders, who should be rare anyway. It seems based on the discussion of millisecond buyouts and the like that business online needs to move fast, and lots of effective security is going to slow you down too much. Besides, let's face it, how many corporations today do you think have major security issues in their IT stuff? Or hell, how many governments? Why should a semi-dystopic future be any better about it? Feels like the major way Matrix security works in SR isn't throwing up a perfect barrier to intruders (which you can't do very easily) but throwing up enough barriers to make it take long enough/they have enough chances to screw up so they can be spotted by the firewall/security hacker. Which might explain why technomancers who can thread Stealth past 10 get such terror from Matrix security, come to think of it; this approach is less likely to work.

If you really want an excuse to deny hacking something, I expect all the defensive programs past 6 that we never see in game are on things like the NSA's computers and the like. Doesn't matter how uber you are, minus some human engineering you're probably not cracking an Analyze 12/Firewall 12 on something like a nuclear missile or the like even with the highest end normally available Rating 6 programs and gear. As for why it's not everywhere, I presume the resources needed to keep such things SOTA are expensive enough that it's not worth it barring a truly serious threat. Spreading even a single uber-program around to everything you own is also a way for someone to see it and figure out how to break it (or worse, figure out how your security thinking is going based on the design and be prepared to hack the next generation of programs as well). Better to keep it as the last line of defense on something kept ridiculously physically secure already.
Tymeaus Jalynsfe...
post Mar 24 2010, 04:41 PM
Post #10


Prime Runner Ascendant
**********

Group: Members
Posts: 17,568
Joined: 26-March 09
From: Aurora, Colorado
Member No.: 17,022



QUOTE (MadDogMike @ Mar 24 2010, 10:37 AM) *
And cue awesome run idea. Heck, having runners deliver a one-time pad isn't a major security breach if you can rig things to add a step where you confirm it was delivered to the target via contact with said target (i.e. call 'em up, ask "Did you get that thing I sent you?" and only send via one-time if you get confirmation); if the runners or someone else steal the pad, it's useless because you know not to use it. Won't work under all scenarios, but makes a good excuse for runners to be messing with it. Though on the other end of things, messing up delivery of a one-time pad could be a useful method to slow a particular business transaction down you want stalled.

Part of the other reason behind weakened Matrix security is the balance between actual usability and security. According to Unwired if memory serves most researchers/executives want to be able to run wireless within their areas, which is why you tend to get wireless hacking possible once you get past an external wireless block. Then of course there's the obvious issues of having hyper security tag normal users; nothing like black IC wasting a company VP or something to get a security hacker fired (on a rocket, into space...). Considering how computer malfunction and user error as-is, going nuts on security is more likely to hamper normal users than intruders, who should be rare anyway. It seems based on the discussion of millisecond buyouts and the like that business online needs to move fast, and lots of effective security is going to slow you down too much. Besides, let's face it, how many corporations today do you think have major security issues in their IT stuff? Or hell, how many governments? Why should a semi-dystopic future be any better about it? Feels like the major way Matrix security works in SR isn't throwing up a perfect barrier to intruders (which you can't do very easily) but throwing up enough barriers to make it take long enough/they have enough chances to screw up so they can be spotted by the firewall/security hacker. Which might explain why technomancers who can thread Stealth past 10 get such terror from Matrix security, come to think of it; this approach is less likely to work.

If you really want an excuse to deny hacking something, I expect all the defensive programs past 6 that we never see in game are on things like the NSA's computers and the like. Doesn't matter how uber you are, minus some human engineering you're probably not cracking an Analyze 12/Firewall 12 on something like a nuclear missile or the like even with the highest end normally available Rating 6 programs and gear. As for why it's not everywhere, I presume the resources needed to keep such things SOTA are expensive enough that it's not worth it barring a truly serious threat. Spreading even a single uber-program around to everything you own is also a way for someone to see it and figure out how to break it (or worse, figure out how your security thinking is going based on the design and be prepared to hack the next generation of programs as well). Better to keep it as the last line of defense on something kept ridiculously physically secure already.



Excellent Points MadDogMike...

Keep the Faith...
kjones
post Mar 24 2010, 06:42 PM
Post #11


Moving Target
**

Group: Members
Posts: 332
Joined: 15-February 10
From: CMU
Member No.: 18,163



MadDog, I agree with you in theory for the most part. However, let's look at the specific example of some godlike node with Analyze 12 and Firewall 12.

My hot-simmed hacker with Hacking 6 and Exploit 6 will break through that firewall in 3 rolls, on average. Sure, he'll probably set off an alarm when he does so, but it still took him all of 3 seconds (3 IPs) to break through what should theoretically be a godly firewall.

This is why you don't set up your security this way, of course - layers are the key, as previously noted. Two chained nodes, each with Firewall 6, will be harder to hack (assuming you have to go through the first one) than one node with Firewall 12, especially if you load up the first one with IC. My point is that having high Firewall just doesn't cut it. 3 seconds!
hobgoblin
post Mar 24 2010, 08:30 PM
Post #12


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



but then 6+6 is the best gear available on the street. And hotsim is an illegal mod. This is a guy that shows up with a backpack of tricks to break into fort knox, not some kid climbing a fence for kicks.
tagz
post Mar 24 2010, 09:28 PM
Post #13


Moving Target
**

Group: Members
Posts: 492
Joined: 28-July 09
Member No.: 17,440



I think also for good security you have to sometimes think outside the box. A lot can be done with the present tools, even at low ratings to mess with a strong hacker.

For instance:
I have a node for a research lab, it's their archive of information. It has fairly standard corp security. But the truly valuable research data is on a hidden node within that node. THAT node is only active for 1 minute a day and only allows data transfers to and from it by authorized users, is hidden, encrypted, and data-bombed, and the Spider actively oversees it and the transfers during that 1 minute. The parent node also goes on general alert, so IC and agent behavior may change during that minute.

Now, 1 min is a lot of IP on the matrix, but that's also the same amount of IPs to dedicated searching for anomalies/intruders. And a set number of turns/IPs is created. Obviously you could adjust this as you saw fit to your own game.

This could create a whole slew of problems for the hacker, while not making it impossible or using extremely high program ratings. They have a window of operation they must work in. Can they break the encryption in a short period of time? Is it dynamically encrypted or can the attempt of a previous day that succeeded still work? How do they learn when the node will be active? Do they remember to check for a data-bomb when they are working under the clock? Can their stealth handle dedicated searches? How did they learn that the real paydata is on this hidden node in the first place, or for that matter how it operates?

This is extremely implementable by a corp, and cheap too. You could even hire extra spiders that only exist on the payroll for the half hour before and after the node goes online.

Anyhow, my point is matrix programs and such are tools. So the PC has a sledgehammer and the spider has a framing hammer. Make a situation that requires a screwdriver. Or make a situation that requires a hammer but doesn't give the room to swing a sledge. There are lots of options at your disposal.
Tymeaus Jalynsfe...
post Mar 24 2010, 09:35 PM
Post #14


Prime Runner Ascendant
**********

Group: Members
Posts: 17,568
Joined: 26-March 09
From: Aurora, Colorado
Member No.: 17,022



QUOTE (kjones @ Mar 24 2010, 11:42 AM) *
MadDog, I agree with you in theory for the most part. However, let's look at the specific example of some godlike node with Analyze 12 and Firewall 12.

My hot-simmed hacker with Hacking 6 and Exploit 6 will break through that firewall in 3 rolls, on average. Sure, he'll probably set off an alarm when he does so, but it still took him all of 3 seconds (3 IPs) to break through what should theoretically be a godly firewall.

This is why you don't set up your security this way, of course - layers are the key, as previously noted. Two chained nodes, each with Firewall 6, will be harder to hack (assuming you have to go through the first one) than one node with Firewall 12, especially if you load up the first one with IC. My point is that having high Firewall just doesn't cut it. 3 seconds!


A top of the Line system as described will probably have several things going for it; at least this is how I would set up its initial gateway...

NOW...your example of your Hacker is using 14 Dice? 6 Program, 6 Skill and +2 to Hot VR? Average rolls = 4 Successes per pass to gain entry... with USER access Rights... The System gains 6 Hits to detect you (Your Stealth is a 6 right?) at which point your target went from 12 to 16, lengthening your hack to gain entry to 4 passes, and the system has already been alerted to your presence... not a good way to gain access to a system; hell IC/Spiders present in the Node do not even have to roll to detect your Access ID (Stealth right?) because you have been flagged by the Firewall...

Anyways, you have several issues that have to be accomplished before you make any Hacking Attempts......

First the Decryption (What, you thought that the node was not decrypted?)... If this system is using Dynamic Encryption, you will have to contend with a threshold that is ridiculously high (on average, you will have a Gateway Node on a Rating 12 System with a Dynamic Encryption Algorithm that takes 18-20 hits to successfully decrypt... If that system is using Strong Encryption as well, your Interval can be anywhere from 1 Minute to 1 Day... Good luck decrypting that system before you begin to starve (Remember, if at any point you halt your decryption Attempt, you have failed and must start all over again... with a top of the line hacker, you are looking at about 14 Dice or so to decrypt that system... Average Hits at 3, you are looking at from 4-7 DAYS to crack that code...

At that point the Rating 12 Data Bomb (Pavlov Option) that is keyed to the Gateway port is going to need some attention. IF the hacker finds said program, he will try to defuse it (The System will have 24 dice (Rating x2) vs the Hacker's Defuse Test (Hacking + Defuse of Maximum of 12 Dice, 14 if applicable Specialty))... I am putting my money on the Data Bomb at that point... Now, either failing to perceive the data bomb or failure to defuse it will cause 12x1d6 Damage to the Hacker... Even a minimal roll will probably flatline the intruder... That is your First line of defense

IF you have successfully made it this far, NOW you may make that attempt to Hack the System... It will take some time, and he will set off an alert in the process, all things being average...

Once the hacker accesses the system, he is undergoing a possible terminate connection action, and in keeping with the example provided for a Top of the Line System (One more than capable of running a UV Environment), this would be a Firewall (12, plus the Firewall Bonus for an Active Alert of +4: for 16) + System (12) opposed test against the Hacker's Hacking (6) + Exploit (6) test... who do you think is going to win this one... it is my belief that there are hacks against systems going on all the time, the optimal initial response is for the node to have "Terminate Connection" as its ARC response as its second line of defense. This will generally log off the Hacker in question and allow the system to resume doing whatever it does... This is your Second line of defense...

Third line of Defense... Have an Agent/IC Immediately query an Icon when its Access ID is noticed, and every time it performs a function that is questionable... once detected, either an alert is triggered (with the same test as previous for Terminate Connection), or a Spider is notified to investigate further, at which point he may either Track the User, Launch IC on the User, or monitor the User...

From there, your Node Topography will determine exactly how things will progress...

You do not just casually hack a rating 12 System... it is often very, very deadly... so your three to four second hacking attempt (I Say this loosely, as it was not really all that much of an attempt at that point) results in a possibly brain dead hacker...

Note: This same Topography Scheme works just as well on a Rating 6 System... though at that point, your Hacker is on more even footing and has an actual chance to survive the initial moments of the Hack...

Thanks for Hacking...

Keep the Faith
Saint Sithney
post Mar 26 2010, 10:57 AM
Post #15





Further security ideas for buggering the hacker.
1) The daisy chain. It's cheaper than good ICe to just have all data flowing through a physically linked portal chain. Each node is subscribed only to the previous and next and is linked by fiber. An extra 2000¥ or so means that the hacker needs to plow through 10 consecutive firewalls.
2) Onion nodes. Any device can run a potentially unlimited number of virtual nodes. Daisy chain like before, but less devices means less physical bulk, easier to hide and all that. Reason states that each virtual node would need to be running an OS concurrently, so response would be limited, but firewalls aren't limited by response.

Combine both for a gateway system which can slow and challenge a hacker without getting too esoteric.
Tymeaus Jalynsfe...
post Mar 26 2010, 11:33 PM
Post #16


Prime Runner Ascendant
**********

Group: Members
Posts: 17,568
Joined: 26-March 09
From: Aurora, Colorado
Member No.: 17,022



QUOTE (Saint Sithney @ Mar 26 2010, 03:57 AM) *
Further security ideas for buggering the hacker.
1) The daisy chain. It's cheaper than good ICe to just have all data flowing through a physically linked portal chain. Each node is subscribed only to the previous and next and is linked by fiber. An extra 2000¥ or so means that the hacker needs to plow through 10 consecutive firewalls.
2) Onion nodes. Any device can run a potentially unlimited number of virtual nodes. Daisy chain like before, but less devices means less physical bulk, easier to hide and all that. Reason states that each virtual node would need to be running an OS concurrently, so response would be limited, but firewalls aren't limited by response.

Combine both for a gateway system which can slow and challenge a hacker without getting too esoteric.



Also very good ideas...

Keep the Faith
Heath Robinson
post Mar 27 2010, 11:59 AM
Post #17


Running Target
***

Group: Members
Posts: 1,263
Joined: 4-March 08
From: Blighty
Member No.: 15,736



QUOTE (Saint Sithney @ Mar 26 2010, 10:57 AM) *
Further security ideas for buggering the hacker.
1) The daisy chain. It's cheaper than good ICe to just have all data flowing through a physically linked portal chain. Each node is subscribed only to the previous and next and is linked by fiber. An extra 2000¥ or so means that the hacker needs to plow through 10 consecutive firewalls.
2) Onion nodes. Any device can run a potentially unlimited number of virtual nodes. Daisy chain like before, but less devices means less physical bulk, easier to hide and all that. Reason states that each virtual node would need to be running an OS concurrently, so response would be limited, but firewalls aren't limited by response.

Combine both for a gateway system which can slow and challenge a hacker without getting too esoteric.

The first fails if the node at the end of the chain ever phones out. The idea of a daisy chain, whilst described in Unwired, has absolutely zero rules support. At best, you've got a Signalless Hidden node proxying through a chain of other nodes (taking the Response penalty for each). Even then, if anybody needs access there's going to be a way to find it, eventually.

If you don't have its AID, you can't connect to it. You can only get its AID by searching for it using the Detect Hidden Node action, which requires you be in mutual Signal range, which a wired-only node does not have.
The Jake
post Mar 27 2010, 01:59 PM
Post #18


Shooting Target
****

Group: Members
Posts: 1,849
Joined: 26-February 02
From: Melbourne, Australia
Member No.: 872



If I were going to pull off a righteous hack (and maybe this is something of my RL knowledge coming to the fore) I would use an agent to scour the Matrix for known employees of a given organisation that work for said "UltraSecure"tm host.

I would then datamine for their hobbies, likes, dislikes, professional interests, sporting associations, professional groups, resume, etc, etc. -- anything and everything I can find to get a way inside.
I'd then manufacture my own malware, designed to mess with their commlink.
Finally, I'd find a way to introduce myself to the target, using social engineering, get all close and friendly - focus on infecting their commlink and anything else they're carrying with my malware.

Get your access codes and what not - or failing that, at least map the internal network and interior security of "UltraSecure"tm host - and off you go!

VOILA! Classic spearphishing attack. Proven in the field to have a high success rate.

- J.

Tymeaus Jalynsfe...
post Mar 27 2010, 02:05 PM
Post #19





QUOTE (Heath Robinson @ Mar 27 2010, 05:59 AM) *
The first fails if the node at the end of the chain ever phones out. The idea of a daisy chain, whilst described in Unwired, has absolutely zero rules support. At best, you've got a Signalless Hidden node proxying through a chain of other nodes (taking the Response penalty for each). Even then, if anybody needs access there's going to be a way to find it, eventually.

If you don't have its AID, you can't connect to it. You can only get its AID by searching for it using the Detect Hidden Node action, which requires you be in mutual Signal range, which a wired-only node does not have.


I see it a bit differently than you do apparently... I see an intertwined mix of nodes... they are not Proxy nodes but hardwired access points that you must get through before accessing a specific node... it is good system design to layer your nodes and access points. otherwise it gets real boring (for the hacker at least) if the systems are all set up the same way... think of the System architecture as a whole, not as Proxies that must be gone through.

As for connecting to a wholly hardwired system, you are correct, it has no node to scan for at all, as it has no signal rating. but that is okay... assuming that the system IS on the Matrix, one of its nodes will probably have a wireless access gateway... this is what you would be scanning for. Now, if the system is not on the Matrix, then you would have to find a physical jackpoint and use that to access the system... However, the Physical nodes that are connected together are NOT proxying their connections (that would be a ludicrous design in almost every case, because it would degrade the system resources), they are just linked together in a logical manner to allow differing styles of architecture... Daisy Chains are not Proxy Servers in my opinion, at least by default.

Keep the Faith
The Jake
post Mar 27 2010, 02:11 PM
Post #20





Strictly speaking, if they're treated as separate nodes, they can be.

Otherwise they're a cluster.

- J.
Tymeaus Jalynsfe...
post Mar 27 2010, 02:21 PM
Post #21





QUOTE (The Jake @ Mar 27 2010, 08:11 AM) *
Strictly speaking, if they're treated as separate nodes, they can be.

Otherwise they're a cluster.

- J.


They could be clusters, but then they lose the architecture of a Distributed Network, which is what we were talking about... I work on a distributed network that has many thousands of independent connections, and I am pretty sure that I do not have system degradation based upon all of those "nodes" out there... and I can go from node to node with little problem, except for possible Permissions issues... This is not a Cluster or Supercluster, it is distributed... much the same as we were discussing... and going from node to node would require hacking unless you otherwise had access...

This is how I see setting up a "System" in Shadowrun... Many, Many Nodes all interconnected with each node possibly performing a different function within the system...

But your point is well taken... You COULD set it up as a Cluster if you indeed wanted to do so... and you COULD even set it up as a Daisy Chain of Linked Nodes... I see it as more of an Onion though...

Keep the Faith
The Jake
post Mar 27 2010, 02:29 PM
Post #22





QUOTE (Tymeaus Jalynsfein @ Mar 27 2010, 02:21 PM) *
They could be clusters, but then they lose the architecture of a Distributed Network, which is what we were talking about... I work on a distributed network that has many thousands of independent connections, and I am pretty sure that I do not have system degradation based upon all of those "nodes" out there... and I can go from node to node with little problem, except for possible Permissions issues... This is not a Cluster or Supercluster, it is distributed... much the same as we were discussing... and going from node to node would require hacking unless you otherwise had access...

This is how I see setting up a "System" in Shadowrun... Many, Many Nodes all interconnected with each node possibly performing a different function within the system...

But your point is well taken... You COULD set it up as a Cluster if you indeed wanted to do so... and you COULD even set it up as a Daisy Chain of Linked Nodes... I see it as more of an Onion though...

Keep the Faith


You're confusing IRL know-how with in-game now. This is where the Matrix rules break down (and not a mistake you make normally!).

- J.
Tymeaus Jalynsfe...
post Mar 27 2010, 03:31 PM
Post #23





QUOTE (The Jake @ Mar 27 2010, 07:29 AM) *
You're confusing IRL know-how with in-game now. This is where the Matrix rules break down (and not a mistake you make normally!).

- J.



No, It was just an example of what might be a typical layout for a node in Shadowrun, though it was based upon personal experience, yes...

A "System" is an interconnected group of Nodes... It may be a single node, or a thousand nodes, it does not really matter... They may be Clustered (though this could be inefficient with High Powered Standard Nodes or Nexi, as they create a single "Supernode" and this may not be what you want, it is more secure), they may be Slaved (Not all nodes on a system will be slaved, but you may have groups of slaved Nodes connected to other slaved nodes, and on, and on... this is another "Advanced" node configuration and provides greater security for the subnetwork so configured), or they may be just independent nodes linked together in a Large System Architecture (May not be the most efficient, but still viable, as each node may have multiple connections to other independent nodes... This is the standard Network Configuration)...

Sub-Nodes (and by extension Peripheral Nodes) can bring in a multitude of additional issues, because a Sub-Node can be almost anything with a connection to the parent Node... some of them can be wired and others will be wireless, and the node configuration that you use will determine how secure they will be...

Some of the tips and tricks used to establish a more secure "System" include such things as Chokepoints, Layered Defenses and Passkey Access... Limiting account privileges and protecting the access log are also good practices to implement in the design of the Architecture... Nowhere in the rules can I find that layering your system induces Reduction in System Resources... The Layered Defense Option is not the same as using a Proxy Server to hide your activities, And a Daisy Chain of Nodes (Chokepoints and Authentication Nodes) are not the same as a Proxy Server either... According to the Book (Page 104, Unwired), Nodes may be configured to act as a Proxy Server, but they do not have to be. Now, If I was to use a Proxy Node, I would design my System as a whole, then I would route a Hardwire to a different Location (why go wireless when you can go Hardwire) and then set up a node with the Proxy Configuration to actually interface with the Matrix... a Single Proxy is useful in that it can provide a level of protection to your core network... Hackers can use Anonymous Proxy Servers to hinder any tracking attempts... a good idea for personal safety in my opinion.

So, in the end, a Proxy Server is a node configured to perform that function... if A Daisy Chain of Nodes (not set as Proxies) were put in place to constrict and harass the Hacker (having to hack through 5 Separate nodes to get to something that can actually provide other information/access is tedious and many hackers will stop before they actually penetrate anything of value), and it is fairly inexpensive (System Architecture wise), why would you not do so... load each node with IC and Authentication, and the Hacker will probably be detected fairly quickly... and he has not even penetrated anything that is truly sensitive at that point... I know that I am going to implement such strategies if I was a Corporation in Shadowrun... A moderate Outlay of say 20,000 nuyen to negate the potential losses of Millions or more... You Betcha...

Keep the Faith
Heath Robinson
post Mar 27 2010, 07:32 PM
Post #24





QUOTE (Tymeaus Jalynsfein @ Mar 27 2010, 02:05 PM) *
I see it a bit differently than you do apparently... I see an intertwined mix of nodes... they are not Proxy nodes but hardwired access points that you must get through before accessing a specific node... it is good system design to layer your nodes and access points. otherwise it gets real boring (for the hacker at least) if the systems are all set up the same way... think of the System architecture as a whole, not as Proxies that must be gone through.

As for connecting to a wholly hardwired system, you are correct, it has no node to scan for at all, as it has no signal rating. but that is okay... assuming that the system IS on the Matrix, one of its nodes will probably have a wireless access gateway... this is what you would be scanning for. Now, if the system is not on the Matrix, then you would have to find a physical jackpoint and use that to access the system... However, the Physical nodes that are connected together are NOT proxying their connections (that would be a ludicrous design in almost every case, because it would degrade the system resources), they are just linked together in a logical manner to allow differing styles of architecture... Daisy Chains are not Proxy Servers in my opinion, at least by default.


You misunderstand. There are no rules to support the daisy chain setup. None. If there are, you could quote me some. I mean that - quote me the rules proving me wrong, with page references. The assertions in Tips and Tricks (or whatever the title of that chapter is) of Unwired are not rules. Your description of a daisy chain is a houserule so far as I can tell.

It is bad game design to force players to roll more dice for no reason. If you can tell another player what your actions would be sufficiently ahead of time that you can go play another game entirely, the prospects for that game fucking suck. Repetition is for robots. Daisy chains suck balls and are boring because they mandate additional rolls for no general benefit.


QUOTE (Page 230 @ BBB)
You may instead make a general search for Hidden nodes that are within mutual Signal range.


A wired-only node that is in Hidden mode cannot be detected using this method. Since you should never see the server running any important Corporate node without a whole fucking Shadowrun, this is the only way you would be able to search for the Hidden node unless you use Trace on one of its subscriptions, the logs of another node it has visited, or on its icon in another node.
KnightIII
post Mar 28 2010, 06:24 AM
Post #25


Target
*

Group: Members
Posts: 58
Joined: 2-November 09
Member No.: 17,829



Daisy chain as I understand it:

Target node-->Secure Node C--->Secure node B--->Secure node A--->Access node--X

The target node and the secure nodes have 0 signal and are wired to each other in a direct chain with A being connected to a 5th node that has wireless access to some degree. Even a rating 6 system is good enough for this as it could theoretically connect to 12 such systems without any problem. For an authorized user it would be no more annoying than my bank:
Access Node: Enter User name
A node: Enter password
B node: What is your mother's maiden name?
C node: is this your watermark? (checks a passkey module connected to authorized comm)
Target: access granted. Surely you know the encryption code for the file you wish to access

For a hacker it's a little more challenging.
Access node: Spoof an acceptable ID or hack the firewall
A node: passcode or hack again
B node: passcode or hack again
C node: passkey spoof or hack once more
Target: Begin decryption process.
Now you have your matrix icon strung out along 5 nodes, for optimum security each node should be running an IC scanning users say... every turn.

All pretty basic with just rules from the core book. Unwired could make it even more challenging.

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.