IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Let's talk security., Or, how to make my players' lives harder.
Tanegar
post Sep 26 2016, 12:56 AM
Post #1


Runner
******

Group: Members
Posts: 2,654
Joined: 29-October 06
Member No.: 9,731



So, the other day I noticed the price of a biomonitor is only 300 nuyen. At that price, I can't think of a single reason why every single security guard shouldn't be wearing one, linked to the security mainframe of wherever they're guarding. Johnny Corpsec gets killed or KO'd? The spider knows about it instantly and sounds the alarm.

What are some other cheap, easy ways to beef up security? I want to incentivize cleverness and meticulous planning, and deincentivize Leeroy Jenkins.
Go to the top of the page
 
+Quote Post
MortVent
post Sep 26 2016, 02:17 AM
Post #2


Moving Target
**

Group: Members
Posts: 446
Joined: 16-May 03
Member No.: 4,598



unconnected hidden cameras : off the network, manual connection to download footage

air flow sensors : basically if the air flow across the floor is interrupted it triggers a flag (think the output of an air vent being monitored)

audio room alerts : think small low/high freq sounds that are room specific. If they are detected outside of a secure room (aka when the lab door is listed as closed) it causes alarms/flags

whistles : guards have them, use them.. some high pitched, some low pitched (work well for runners too, especially as audio triggers for surprises)

Try to take the networking out of the equation, make them focus on some basic infiltration skills and hard mode security disabling... as well as boost the paranoia
Go to the top of the page
 
+Quote Post
Sardos
post Sep 28 2016, 09:35 PM
Post #3


Target
*

Group: Members
Posts: 3
Joined: 28-September 16
Member No.: 200,900



I would be more inclined to ask why you feel the need to make your players' lives harder? Are you trying to provide more challenge that will make the game more fun? Or do you just want to make the players' lives miserable?

The former is cool, the later begs the question, why are you GMing the group if you just want to make them miserable?don't usually get sent to hit major installations or corporate headquarters.

As far as equipping front line sec guards with Biomonitors, the section in the core book indicates that corps usually only provide the grunts with the bare basics, and if things get out of hand, they're trained to call in support. Additionally, not all security systems even have spiders. Spiders are usually placed in areas that house higher value targets and major corporate offices. So it depends on the location as to whether they would have a spider or not.

A Biomonitors would be slaved to the sec guards PAN, which is more susceptible to hacking than the security system itself. To alert the security spider of a guards death or unconsciousness, would mean it was slaved to the security node, and could be used as a point of entry for a hacker.

There's lots of simple ways to make places more security, i.e. Appropriately rated Maglocks, Biometrics, drone patrols, etc.
Go to the top of the page
 
+Quote Post
ShadowDragon8685
post Sep 29 2016, 01:05 AM
Post #4


Horror
*********

Group: Members
Posts: 5,322
Joined: 15-June 05
From: BumFuck, New Jersey
Member No.: 7,445



Remember, the primary enemy of security is convenience.
Convenience's most-important ally is budget. Just go on over to The Daily WTF and peruse the horror stories of tightwad managers causing small problems to snowball into gigantic disasters because they begrudged a few hundred or a few thousand bucks on backup equipment and protocols.


So any low-level place will have a budget manager asking the security IT guy WHY, exactly, he felt the need to put 9,000 nuyen worth of biomonitors on the company card, and why, exactly, he should have a job after that.
Go to the top of the page
 
+Quote Post
Tanegar
post Oct 8 2016, 05:03 AM
Post #5


Runner
******

Group: Members
Posts: 2,654
Joined: 29-October 06
Member No.: 9,731



QUOTE (Sardos @ Sep 28 2016, 04:35 PM) *
I would be more inclined to ask why you feel the need to make your players' lives harder? Are you trying to provide more challenge that will make the game more fun? Or do you just want to make the players' lives miserable?


I answered this question in the OP:
QUOTE (Tanegar @ Sep 25 2016, 07:56 PM) *
I want to incentivize cleverness and meticulous planning, and deincentivize Leeroy Jenkins.

Leeroy Jenkins, for the record, is how the last group of PCs got fragged.

I quite like the offline-cameras idea. I also think I'm going to have all but the most slapdash security systems be hardwired. If you own the building, and can run cables wherever you want, why would most of your infrastructure be wirelessly accessible at all?
Go to the top of the page
 
+Quote Post
ShadowDragon8685
post Oct 8 2016, 09:04 AM
Post #6


Horror
*********

Group: Members
Posts: 5,322
Joined: 15-June 05
From: BumFuck, New Jersey
Member No.: 7,445



QUOTE (Tanegar @ Oct 8 2016, 01:03 AM) *
I quite like the offline-cameras idea. I also think I'm going to have all but the most slapdash security systems be hardwired. If you own the building, and can run cables wherever you want, why would most of your infrastructure be wirelessly accessible at all?


So your own people can use it without the inconvenience of whipping out a fiberoptic cable like it's 2051. And if you install exclusively wired hardpoints, it's going to take approximately three weeks before someone gets fed up and installs a cheap Signal 2, Firewall 1 repeater at one of the tap points. Congratulations, your security has made itself more insecure by frustrating its users into bypassing it through aftermarket and uncontrollable addons than if you'd just installed a properly-secured wireless interface of your own.
Go to the top of the page
 
+Quote Post
psychophipps
post Oct 8 2016, 03:18 PM
Post #7


Running Target
***

Group: Members
Posts: 1,192
Joined: 6-May 07
From: Texas - The RGV
Member No.: 11,613



QUOTE (ShadowDragon8685 @ Oct 8 2016, 04:04 AM) *
So your own people can use it without the inconvenience of whipping out a fiberoptic cable like it's 2051. And if you install exclusively wired hardpoints, it's going to take approximately three weeks before someone gets fed up and installs a cheap Signal 2, Firewall 1 repeater at one of the tap points. Congratulations, your security has made itself more insecure by frustrating its users into bypassing it through aftermarket and uncontrollable addons than if you'd just installed a properly-secured wireless interface of your own.


Umm...why would a wired security camera network require tap points all over the place? The signal only has to go to the control/monitoring area(s), loss of signal is a very strong indicator of something seriously wrong (especially if you use reinforced cabling on external wiring), and it's pretty simple to install the cabling during construction without incurring lots of unnecessary expense. Now, keep in mind that this would be for a facility designed with intrusion countermeasures in mind from the get-go, not some slap-on security system added by the new warehouse owner.
Go to the top of the page
 
+Quote Post
Koekepan
post Oct 8 2016, 04:00 PM
Post #8


Neophyte Runner
*****

Group: Members
Posts: 2,040
Joined: 19-May 12
From: Seattle area
Member No.: 52,483



Security! One of my favourite topics.

OK, so always start with the scenario. Who is protecting what from whom? What you're saying sounds like physical security, but not in the context of a warzone so much as anti-burglary.

This refines our case: prevent the bad people from making off with the widget.

As a secondary priority, prevent the bad people from escaping undetected/unidentified.

A lot of this will depend upon the nature of the widget. If it's a tiny doodad for microelectronics, that can make things tougher, but if it's anything more substantial, start by attaching it to something heavy. For example, if what's under discussion is a prototype AI-driven autodoc built into its own gurney, use a big steel cable to lock it to a bolt in the floor.

"OK, there it is! I scoot up and roll it away."

"You get all of six inches before the cable is taught."

"Wait ... what? What cable?"

"The cable leading to the bolt set in concrete. You know, the one you never bothered to ask about."

"Awww ... fraggit!"

Another source of surprisingly cheap, but surprisingly effective security, is a combination of auditing plus violation protocol. For example, if there is a restricted lab, show ID to a scanner at the door. Simple, cheap, and very easy to fool. Then add some sensors in the lab that count heat signatures/moving bodies/mass and correlate them with what the entryway sensors say. Again, cheap and easy, especially at Shadowrun levels of technology. They don't even have to be directly wired together, if they simply passively report their findings to the auditing machine that looks for discrepancies. The response also doesn't have to be whooping sirens, red strobes and autocannon. It can be as simple as a few low-key guys in white coats (with body armour under their coats) wandering through to check out the alarm.

Another way is simple misdirection. Let's say there's a nice, easy corridor all the way from the lobby (or other ingress point) to the big, useful stuff. And it's locked. Maybe it's a fire exit, so that egress is easy but it's not intended for ingress. If anyone's in that corridor, set off a silent alarm. That's never supposed to happen. But runners are likely to say: "I know, we'll bypass all their security down here!" not knowing that that's the one place they should never go.

Another interesting approach is of course the squealer. Let's say your widget is something that has to live in a specialised container, because of dust, or radiation, or whatever. In the container embed some electronics that mostly does nothing but monitor its location. If that changes, every thirty seconds or so it sends a Matrix burst of data on its new location, measured by inertial dead reckoning backed up by whatever other data is available, including things like vehicle signatures, PANs nearby and so on. Maybe even audio recordings. They're cheap, in data terms.

Hope this helps!
Go to the top of the page
 
+Quote Post
Mantis
post Oct 8 2016, 06:36 PM
Post #9


Running Target
***

Group: Members
Posts: 1,102
Joined: 23-August 09
From: Vancouver, Canada
Member No.: 17,538



All this is interesting as far as security ideas go but if the players have no chance to find out about any of it before they enter the site, it's basically saying screw you, you were doomed to fail from the start.
No matter what sort of security a site has, the runners should have a chance to case the place, ask contacts, do matrix research, etc, before ever entering the place. From that they can formulate a plan and head on in. The GM can then use a 'security update' or random patrol if he needs to up the ante a bit. Player screw ups and poor dice rolls usually add enough random badness though.
If your runners aren't even doing the most basic of surveillance and research before entering a site, maybe you need to have a discussion on the type of game you are playing. Make sure they understand that their contacts are there for more than just getting them guns and matrix and magical surveillance of a site is an important step in the whole process as is trying to sneak small drones in to get an actual eye on the facility. All that surveillance gear in the game is there for a reason. Encourage your players to take advantage of it.
Go to the top of the page
 
+Quote Post
Blade
post Oct 10 2016, 01:12 PM
Post #10


Runner
******

Group: Members
Posts: 3,009
Joined: 25-September 06
From: Paris, France
Member No.: 9,466



QUOTE (Tanegar @ Sep 26 2016, 02:56 AM) *
I want to incentivize cleverness and meticulous planning, and deincentivize Leeroy Jenkins.


But do you want the players to actually come up with plans and detailing their security countermeasures, or are you fine with abstracting this in a way?

I prefer the latter, because I don't want my players to have to know all security measures and countemeasures of 2075. Thinking about dozens of security systems and failing the run because the GM thought of using perturbations of the Wireless network signals to detect individuals and we didn't doesn't sound like a good time to me. That's why I like the concept of "Planning Points".

The idea is that when the actions that the PC do to prepare the run are rewarded with Planning Points. Then when the PC are doing the run, the GM can come up with obstacles as usual ("there's a patrol coming round the corner") but the PC can then spend planning points to bypass these obstacles, provided they can find explanations about how their preparation could help "remember when I said I was chatting up people who work there? I befriended the security guards of this patrol, I actually bribed them to open the next door for us". The cost in PP can be adjusted to reward clever ideas and increase the cost of simple/stupid/overly complex ideas.

One of the cool consequence of this is that it allows for Ocean's 11 plans, where everything, incuding seemingly unexpected complications, can be part of the plan.
Go to the top of the page
 
+Quote Post
Tanegar
post Oct 10 2016, 02:46 PM
Post #11


Runner
******

Group: Members
Posts: 2,654
Joined: 29-October 06
Member No.: 9,731



QUOTE (ShadowDragon8685 @ Oct 8 2016, 05:04 AM) *
So your own people can use it without the inconvenience of whipping out a fiberoptic cable like it's 2051. And if you install exclusively wired hardpoints, it's going to take approximately three weeks before someone gets fed up and installs a cheap Signal 2, Firewall 1 repeater at one of the tap points. Congratulations, your security has made itself more insecure by frustrating its users into bypassing it through aftermarket and uncontrollable addons than if you'd just installed a properly-secured wireless interface of your own.

I said *most* infrastructure. Yes, the system will be wirelessly accessible, but that doesn't mean every camera and maglock has to be. There will be one WAP, allowing security to concentrate its Matrix defenses.


QUOTE (Koekepan @ Oct 8 2016, 12:00 PM) *
Hope this helps!

Great ideas, thanks!

QUOTE (Mantis @ Oct 8 2016, 02:36 PM) *
All this is interesting as far as security ideas go but if the players have no chance to find out about any of it before they enter the site, it's basically saying screw you, you were doomed to fail from the start.
No matter what sort of security a site has, the runners should have a chance to case the place, ask contacts, do matrix research, etc, before ever entering the place. From that they can formulate a plan and head on in. The GM can then use a 'security update' or random patrol if he needs to up the ante a bit. Player screw ups and poor dice rolls usually add enough random badness though.
If your runners aren't even doing the most basic of surveillance and research before entering a site, maybe you need to have a discussion on the type of game you are playing. Make sure they understand that their contacts are there for more than just getting them guns and matrix and magical surveillance of a site is an important step in the whole process as is trying to sneak small drones in to get an actual eye on the facility. All that surveillance gear in the game is there for a reason. Encourage your players to take advantage of it.

Very much on point. I always give them the chance to case a target, but they don't always do it. (IMG:style_emoticons/default/frown.gif)


QUOTE (Blade @ Oct 10 2016, 09:12 AM) *
But do you want the players to actually come up with plans and detailing their security countermeasures, or are you fine with abstracting this in a way?

This is a neat idea, and one that I think would work well for my players. I'm going to try it, thanks. (IMG:style_emoticons/default/smile.gif)
Go to the top of the page
 
+Quote Post
Sengir
post Oct 10 2016, 08:40 PM
Post #12


Great Dragon
*********

Group: Dumpshocked
Posts: 5,082
Joined: 3-October 09
From: Kohle, Stahl und Bier
Member No.: 17,709



QUOTE (Blade @ Oct 10 2016, 03:12 PM) *
But do you want the players to actually come up with plans and detailing their security countermeasures, or are you fine with abstracting this in a way?

IMO requiring players to think about bringing a left-handed No. 4 Torx to SFP adaptor is not "rewarding cleverness", it's forcing players through endless iterations of trial and error, because they will never think of everything the GM thought of. Cleverness is when the players know (or have a fair chance of learning) they need that adaptor and come up with a unique and unexpected way to get one.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 28th March 2024 - 01:14 PM

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.