Matrix Tips and Tricks, It all started with a run that almost went bad... Options

[Redjack]

So here we are, getting ready to break into yet another mansion in a AAA neighborhood. Of course, this mansion had extra security above and beyond the 1 minute Knight Errant response time. The team mage pulled up a big spirit and used weather control to intensify a snow storm already in progress to blizzard levels. As we approached the mansion, the technomancer threaded up his stealth and hacked the node. Once inside, he went looking for the cameras on the side of our approach, finding them easy. He then began to hack a loop of the video into each of the cameras.

Unknown to him, a black IC running stealth was monitoring the video feeds for configuration drift. It noted the each of his changes on cameras 1-3 unable to locate him (matrix perception vs target running stealth, SR4 pg 228) until he edited the 4th camera (the IC just couldn't get the hits). Then it hit the fan. Once the IC found him, it hit him locking his connection open and sent an alert to the dedicated spider monitoring the node. While he was shutting down the IC (using his admin access on the node), the spider was tagging him in the node (spoiling his stealth). He ended up jacking out (now that the IC had been dumped) feeling way too much heat.

My question to you is: What other tips & tricks have you used, or had used against you, in matrix defense?

[Neraph]

Here're some resources that have been around for a bit.
A Shadowrunner's Best Practices, v0.1
Mandatory matrix tools for infiltrators, street samurais and gunslingers
Commlink security for non-hackers

For the GMs out there:
Grunt Survival Guide

EDIT: Shameless plug for something of mine...
Vehicles, Drones, and Agents
(IIRC, there's something in there about security measures, like turning off wireless on drones and working them with only facial/voice recognition)

What I've done personally is used separate nodes with hardpoint-only access, and IC that only observed and activated other IC that tried combat or whatnot. One such was when I used an NPC AI that Replicated copies of itself to go into Matrix Combat with the players, instead of going itself.

[Sengir]

I like having special node on which the IC runs and can access all the nodes behind the central chockepoint. That way hackers have to be wary of patrolling IC (without putting strain on the nodes), and there also is the possibility to have an RL infiltration cooperate with the hacker by unplugging the IC node.
A more sadistic option is to have critical nodes work in "shifts": One is operating, the other gets rebooted and checked for tampering. Obviously means all legitimate users have to re-authenticate every now and then, but hackers have it far harder.
Really sadist: Passkeys and an encrypted access log on another node. The hacker can bend over backwards, in a few turns there WILL be an alarm

[Stahlseele]

And then there is gaming the system.
Set up your system to require the access id to access it.
Erase the Access ID anywhere but inside the system.
So you have to get in to get in.

And the much frowned upon: Hall of thousand mirrors.
Have 1000 rfid tags and make them all look like a goldmember.
And make the rest of your gear look exactly the same again.

[Sengir]

And then there is gaming the system.
Set up your system to require the access id to access it.
Erase the Access ID anywhere but inside the system.
So you have to get in to get in.

Rule number one of designing locations: The location was built to be used legitimately. A tunnel with 100 vault doors one after the other is certainly secure, but how many legitimate users are supposed to go through there?

And the much frowned upon: Hall of thousand mirrors.
Have 1000 rfid tags and make them all look like a goldmember.
And make the rest of your gear look exactly the same again.

Not all Data Search actions use the Browse program. This action can be used on any large amount of data, such as a list of icons in a node, nodes in a Signal range, or network traffic. When using this action for these special searches, use the program that is used to collect the information through which you are searching. For example, use Data Search + Scan to  nd all of the wireless smartlinks in Signal range

If you just want to delay hackers for a couple of seconds, encryption does the same without making you look like you fell into a container of RFIDs (IMG:style_emoticons/default/wink.gif)

[Stahlseele]

so, how do you find all the smartlinks then?
in hidden mode you don't even see them being there, much less what they are.
and you can change it to make it look like something entirely different too right?

[Sengir]

so, how do you find all the smartlinks then?
in hidden mode you don't even see them being there, much less what they are.

With the Scan program, which is used to find hidden nodes.

and you can change it to make it look like something entirely different too right?

How exactly would you do that? And also where, SR4 does not really have an "outside view" of nodes...

[Neraph]

so, how do you find all the smartlinks then?
in hidden mode you don't even see them being there, much less what they are.
and you can change it to make it look like something entirely different too right?

Radio Signal Scanner.

[Udoshi]

so, how do you find all the smartlinks then?
in hidden mode you don't even see them being there, much less what they are.
and you can change it to make it look like something entirely different too right?

Scan program can run in 'i want to sweep everything' mode. Piping the info into a Telematics Infrastructure soft can help with this.
Once you have the data, you can use an Analyze test to determine the Type of node(this is a valid query on the Matrix Perception table)

Furthermore you could toggle your analyzer to automatic mode (4a 228) and set it to look for that information without spending actions, or even write a node script(unwired 51) to do it automatically for you.

You could also hardware hack it. You only need to compromise 1 rfid tag to turn it into an On The Fly Jammer, which will then turn drop all the other low-signal honeypot nodes off of mutual signal range anyway.