> Probing the Target?
Lord Ben
post Sep 12 2012, 04:02 AM
Post #1


Moving Target
**

Group: Members
Posts: 600
Joined: 31-August 05
Member No.: 7,659



Is it just me or does this seem a bit overpowered? You can just sit in the safety of your basement and as long as you don't glitch after a few hours you have admin access to damn near anything unless they get really lucky on their roll or it's a 6/6 facility, etc.

Can an opposing Hacker/Spider do much to prevent this apart from hoping his firewall+analyze gets lucky?
Dreadlord
post Sep 12 2012, 04:12 AM
Post #2


Moving Target
**

Group: Members
Posts: 175
Joined: 5-May 08
From: Matt, GA
Member No.: 15,959



QUOTE (Lord Ben @ Sep 12 2012, 12:02 AM) *
Is it just me or does this seem a bit overpowered? You can just sit in the safety of your basement and as long as you don't glitch after a few hours you have admin access to damn near anything unless they get really lucky on their roll or it's a 6/6 facility, etc.

Can an opposing Hacker/Spider do much to prevent this apart from hoping his firewall+analyze gets lucky?

Well, having good ICE patrolling to catch them after they break in would be the only option I can think of. You only get one shot with the firewall, but ICE gets to keep scanning ad infinitum.
Starmage21
post Sep 12 2012, 04:20 AM
Post #3


Moving Target
**

Group: Members
Posts: 745
Joined: 13-April 07
From: Houston, Texas
Member No.: 11,448



QUOTE (Lord Ben @ Sep 11 2012, 11:02 PM) *
Is it just me or does this seem a bit overpowered? You can just sit in the safety of your basement and as long as you don't glitch after a few hours you have admin access to damn near anything unless they get really lucky on their roll or it's a 6/6 facility, etc.

Can an opposing Hacker/Spider do much to prevent this apart from hoping his firewall+analyze gets lucky?


You know that this is the way it works kinda IRL right? The hacker discreetly runs his ping sweeps and port scans in small enough fashion to not trigger an alert until they find a vulnerable application running and then they hit it hard and fast.

The GoDaddy hack that happened yesterday? Long term planning and probing went into that most assuredly for them to find an entry point vulnerable to SQL LDAP Injection.
Udoshi
post Sep 12 2012, 04:33 AM
Post #4


Runner
******

Group: Members
Posts: 2,782
Joined: 28-August 09
Member No.: 17,566



QUOTE (Lord Ben @ Sep 11 2012, 10:02 PM) *
Can an opposing Hacker/Spider do much to prevent this apart from hoping his firewall+analyze gets lucky?


Yeah, he can stack the odds up and do his research right.

Run Encryption on the node, and Databomb the entry.

IC running analyze gets a second test against anything that logs in. Read up on the automatic analyze function - it should get more chances to spot the hacker when they DO stuff. The Homeground autosoft and a high rating analyze program give IC a decent analyze dice pool.
Exploits (Unwired 96) vs various, commonly available commercial hackware might be a good way to catch hackers unaware - and also a tempting paydata target for hackers to steal.

The Unwired section about Alerts is really relevant. If someone gets an Alert triggered, everyone can see them through Stealth AND they lose all access rights (meaning they must use Hacking + X to get anything done in the system with things opposing it).

Probing also has a specific mention for backdoors (Unwired 98) in that it can find a backdoor instead of a flaw to exploit.


Basically if you want security you need an active defense.
Manunancy
post Sep 12 2012, 05:19 AM
Post #5


Moving Target
**

Group: Members
Posts: 821
Joined: 4-December 09
Member No.: 17,940



Meatworld security strategies apply in the Net too - security needs three functions to be effective: detect the intrusions, delay them and finally destroy them (or at least kick them out). Probing is the electronic equivalent of pulling satellite imagery, having a good look with a high-power zoom or furtive drone and probably some legwork for more detailed info.

Sure, you can botch the job and get the target alerted, but most of the time it will be caught flat-footed when the intrusion actually happens. And just like a physical run, getting inside the facility is only the beginning - you still have to get the job done and return to base.
SpellBinder
post Sep 12 2012, 06:25 AM
Post #6


Neophyte Runner
*****

Group: Members
Posts: 2,351
Joined: 19-September 09
From: Behind the shadows of the Resonance
Member No.: 17,653



First reactions of an alert can be important too. I wouldn't imagine all nodes start flashing alert icons once a hacker has been detected. Some might not do anything noticeable other than a text to the white hats, who then discreetly start a trace on said hacker so physical law enforcement can pick up the hacker's meat body.

Honeypots, the tempting paydata Udoshi mentioned, can also be great if they're infected with viri and trojans and such. Especially if a hacker is foolish enough to stick in the node to try and scan the paydata before copying it.
Sengir
post Sep 12 2012, 06:50 PM
Post #7


Great Dragon
*********

Group: Dumpshocked
Posts: 5,092
Joined: 3-October 09
From: Kohle, Stahl und Bier
Member No.: 17,709



Rule of thumb for matrix security: You can't keep them from getting in, just kick them out ASAP. Of course that means every cheap-ass commlink needs to run IC, which can get a bit unbelievable at times...
Fortinbras
post Sep 12 2012, 06:59 PM
Post #8


Moving Target
**

Group: Members
Posts: 772
Joined: 12-December 07
From: Fort Worth, Texas
Member No.: 14,589



Plus all the really good paydata isn't accessible from the Matrix proper. You're going to need to be on site where the bullets and spells will be flying.
Not to mention what's good for the goose is good for the gander. All the baddie's stuff is accessible remotely, but so is the runner's.
Yerameyahu
post Sep 12 2012, 07:17 PM
Post #9


Advocatus Diaboli
**********

Group: Members
Posts: 13,994
Joined: 20-November 07
From: USA
Member No.: 14,282



QUOTE
The GoDaddy hack that happened yesterday? Long term planning and probing went into that most assuredly for them to find an entry point vulnerable to SQL LDAP Injection.
Apparently not, but the point is solid enough. :)

It's the same as casing a place in the meat world. You can watch and plan as long as you like, more or less, and find the perfect way in. It's your time you're wasting, though.
Lord Ben
post Sep 12 2012, 09:29 PM
Post #10


Moving Target
**

Group: Members
Posts: 600
Joined: 31-August 05
Member No.: 7,659



Sure, but that takes a bit longer than one hour per dice roll. It should either be more risky or take longer. Two to four hours to have administrative control over the Pentagon is kind of ridiculous.

I work in IT and certain admins have access to certain tasks. I think a better way to handle it would be simply to give admins +2 or +4 to their rolls, etc. instead of free rein to do whatever they want.
Yerameyahu
post Sep 12 2012, 09:39 PM
Post #11


Advocatus Diaboli
**********

Group: Members
Posts: 13,994
Joined: 20-November 07
From: USA
Member No.: 14,282



AFAIK, you can do that in SR4. It's crazy annoying to keep track of everything, but you can arbitrarily specify the access of all accounts, I think. This is the same as the classic 'I'll just rewrite my commlink so I'm hackproof' idea. Like everything, SR4 relies on players not breaking the game so it can be fun. :)
Fortinbras
post Sep 12 2012, 09:51 PM
Post #12


Moving Target
**

Group: Members
Posts: 772
Joined: 12-December 07
From: Fort Worth, Texas
Member No.: 14,589



QUOTE (Lord Ben @ Sep 12 2012, 05:29 PM) *
Sure, but that takes a bit longer than one hour per dice roll. It should either be more risky or take longer. Two to four hours to have administrative control over the Pentagon is kind of ridiculous.

Yeah, but they'll only have admin access to the Pentagon for a few rounds before they get kicked off of there. Even then, they'll only have access to the equivalent of the Pentagon's website. Anything classified is going to be kept either offline or on internal servers that aren't Matrix accessible.

If you'd like it to more easily reflect certain admins having access to certain things, why not have a bunch of different nodes? Each node handles a different task and each admin only has admin access to that particular node.
Halinn
post Sep 12 2012, 10:42 PM
Post #13


Running Target
***

Group: Members
Posts: 1,018
Joined: 3-July 10
Member No.: 18,786



QUOTE (Fortinbras @ Sep 12 2012, 11:51 PM) *
Anything classified is going to be kept either offline or on internal servers that aren't Matrix accessible.

Or at the very least it's nested, so that if you want to get at the paydata, you'll have to go through 5 military-grade nodes first. If you actually try doing that with probing, you will get spotted by an analyze-spamming agent before hitting anything good (or noticed by the absence of the analyze-spamming agent, if you manage to shut that down). If you could get physical access to the node with the paydata, you could get in and get it, but if you try accessing it over the 'trix, you pretty much have to be FastJack, or at least Slamm-0!. You have to operate at world-class skill levels, with world-class equipment to be able to get into it, and you have to be ready to get out of there at an instant's notice if you're spotted.

Also, for admin accounts, there has to exist an account that can give task access to other admin accounts, a super-admin or something. Hacking what the SR rules call an admin account is probably a process that involves giving the admin account you create access to everything.
Lord Ben
post Sep 12 2012, 10:43 PM
Post #14


Moving Target
**

Group: Members
Posts: 600
Joined: 31-August 05
Member No.: 7,659



Yeah, I haven't played for a bit so the rules saying they can freeze you out after detecting you seem good. I was under the impression your first command after logging in would be "Shut off the IC!" or "download everything to this datachip!" but it would appear not to be quite that easy.
Halinn
post Sep 12 2012, 10:57 PM
Post #15


Running Target
***

Group: Members
Posts: 1,018
Joined: 3-July 10
Member No.: 18,786



QUOTE (Lord Ben @ Sep 13 2012, 12:43 AM) *
I was under the impression your first command after logging in would be "Shut off the IC!" or "download everything to this datachip!" but it would appear not to be quite that easy.

First situation ("Shut off the IC!") would likely have a warning go off somewhere in a spider's office (agents 37L8An, 88B6At, 28U2Ar have gone offline on node 31). An agent with programming to watch for other agents and reboot ones that go down would likely be the first to respond to that event (and be the one to send the aforementioned alarm). In the nested node situation, there would probably be some agent-based overwatch from up the chain as well. Agents are extremely cheap for a company, so you'd likely see a ton of those.
The second situation ("Download everything!") probably could be done, but you'd get encrypted data and databombs included. Since you're indiscriminately downloading things, you also get subsystems that try to call out, making you easy to trace, not to mention any hostile agents you can get. And as I suggested in my last post, the really juicy data won't be readily available. What you ideally want to do when hacking is to remain hidden and comb through the data on the node, picking up only choice items.

Both things can be done, but it's the equivalent of a street samurai saying "if we kill all the security guards, nobody can catch us." and "let's steal all the desks, chairs, potted plants, filing cabinets, RFID chips (etc. etc.) now that we got into the lobby."
Yerameyahu
post Sep 12 2012, 11:24 PM
Post #16


Advocatus Diaboli
**********

Group: Members
Posts: 13,994
Joined: 20-November 07
From: USA
Member No.: 14,282



QUOTE
Hacking what the SR rules call an admin account is probably a process that involves giving the admin account you create access to everything.
This is true-ish, subject to the annoying futzing I mentioned above: you (the user/owner) can manually and arbitrarily change the definitions of everything, AFAIK. SR4's admin is not a generic term for 'seriously, it has typical admin god-ness'. :)

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.