> Wired networks in a wireless world
Kagetenshi
post Aug 22 2005, 03:59 PM
Post #26


QUOTE (hobgoblin)
That kind of thinking is similar to wondering why hosts don't have a physical kill switch on their connection. Too many attacks and you just pull the plug on the outside connection...

The reason is because in 99% of instances the damage incurred by that killswitch being triggered is an order of magnitude greater than the damage incurred by a decker getting away.
QUOTE
But even then, widespread jamming may not be necessary.  Wouldn't it be possible to selectively jam the frequencies of the wireless network?

Certainly, but you lose some of the benefits—for example, unless you're completely certain that the information has not been compromised yet, you risk it being transmitted to someone in position to make an escape.

~J

hahnsoo
post Aug 22 2005, 03:59 PM
Post #27

Nodes can initiate a "Terminate Connection" or a complete Shutdown when an alert occurs.

Nyxll
post Aug 22 2005, 04:07 PM
Post #28

QUOTE (booklord)
QUOTE
That kind of thinking is similar to wondering why hosts don't have a physical kill switch on their connection. Too many attacks and you just pull the plug on the outside connection...

Well if the kill switch is computer controlled then the decker simply has to disable the kill switch. I seem to recall reading in one SR3 book the only way you could be sure was to have a living person stationed at the plug.

But even then, widespread jamming may not be necessary. Wouldn't it be possible to selectively jam the frequencies of the wireless network?

If you know you are going to be flooded or you are compromised you can always have a device that severs the connection. You hide the node in some obscure sub system. You could also put a filter on the host's firewall blocking that 1 route/id or all outside traffic. Ideally you would not do so, a company like Ares or MTC will have thousands of people connected remotely, it would mean severing them as well. It is possible, but not practical. Instead of just IC you would also have other deckers in there, which is something that was not really reflected in previous editions. Mind you, having someone continually doing security audits would be tedious, since there are programs and sk's that will be combing the system.

Re Jamming there are a few different methods. You can do a raw all signal jam that would try and cancel all signals for that frequency. I think that trying to jam a specific signal in the midst of an open spectrum would be like trying to change the direction of a river by squirting a water pistol into it.

hobgoblin
post Aug 22 2005, 04:07 PM
Post #29

QUOTE (hahnsoo)
Nodes can initiate a "Terminate Connection" or a complete Shutdown when an alert occurs.

Yes, but it's overridable by the attacker, right?
This makes it at best a software disconnect.

I'm talking about physically pulling the plug...

And the damage depends on the level of traffic that the host gets.
Still, if it's a high outside traffic host then yes, pulling the plug would be bad.
But if you had a vanishing SAN solution going it was a bit strange that there wasn't a routine of having the resident decker pull the physical plug after the scheduled connection was indicated as disconnected :P

Kagetenshi
post Aug 22 2005, 04:13 PM
Post #30

The damage depends on a lot of things.
  • Who needs access to the box and how badly they need it
  • What's running on the box
  • How cleanly everything on the box recovers from a power failure—some things can get nastily corrupted when they're abruptly stopped mid-stream
  • How long the box takes to start up again, and how much additional power draw is experienced during this process
  • How many legitimate users are going to suffer dump shock as a result

~J

hahnsoo
post Aug 22 2005, 04:16 PM
Post #31

QUOTE
Yes, but it's overridable by the attacker, right?
This makes it at best a software disconnect.

It's an opposed Firewall + System test against the hacker's Exploit + Hacking skill. If the hacker used a passcode instead of Exploit, then the Exploit program does not apply. System Reset is an Extended System + Response test (10, 1 Combat Turn) and can't be stopped.

hobgoblin
post Aug 22 2005, 04:22 PM
Post #32

QUOTE (Kagetenshi @ Aug 22 2005, 06:13 PM)
The damage depends on a lot of things.
  • Who needs access to the box and how badly they need it
  • What's running on the box
  • How cleanly everything on the box recovers from a power failure—some things can get nastily corrupted when they're abruptly stopped mid-stream
  • How long the box takes to start up again, and how much additional power draw is experienced during this process
  • How many legitimate users are going to suffer dump shock as a result

~J

I didn't say a systemwide killswitch, only one on the connection between the matrix and the host. I.e., the equivalent of pulling the ethernet cable...

So only points 1 and 5 really apply. That is, unless for some reason they have not yet reinvented resume ability on file transfers :P

Kagetenshi
post Aug 22 2005, 04:24 PM
Post #33

Then change points 3 and 4 to deal with loss of network connection, reducing severity as appropriate. Point still remains.

~J

hobgoblin
post Aug 22 2005, 04:27 PM
Post #34

QUOTE (Kagetenshi)
Then change points 3 and 4 to deal with loss of network connection, reducing severity as appropriate. Point still remains.

~J

Yes, it will always be a harsh response but sometimes it's a needed response no matter the costs.

Given stuff like CI I would not do so against most script kiddies and so on, but when someone in the area of FastJack or similar then nothing else may be effective...

This followed by a full backup of all data files and a complete reinstall of all software to make sure that whoever visited didn't leave a backdoor or rootkit :P

Kagetenshi
post Aug 22 2005, 04:48 PM
Post #35

If it's against someone like FastJack and you get that much warning, they screwed up.

~J

BitBasher
post Aug 22 2005, 04:49 PM
Post #36

You think too complicated, it doesn't have to be a software kill switch, but a physical one. A simple unlinked non matrix accessed copper wire with a current so when the current dies a solenoid stops working and the wireless connection physically unplugs. That's just an example of lowest common denominator security that's a whole lot better than what's offered. Same as in SR 3 when an intrusion is detected just physically knock the server off the net. KISS.

In SR4 FastJack MAY roll 2 or so more dice than everyone else. Elite hackers are no longer so.

Kagetenshi
post Aug 22 2005, 05:09 PM
Post #37

It isn't (always) better for all the reasons I list above. Knocking servers off the 'net is a big thing to do.

The fact that it's a physical kill switch makes the actual connection-cutting easier, but makes the side effects worse.

Your point that elite deckers aren't anymore, sadly, stands.

~J

BitBasher
post Aug 22 2005, 05:22 PM
Post #38

Oh, I'm aware of the ramifications. I work in IT myself, but given the choices under the circumstances with which we're dealing I would definitely lop off my wireless net connectivity in exchange for hobbling an intrusion. Heck, in this instance you don't even have to kick a server off the net as long as you have a physical connection to the net. Kick off the wireless users and allow it a few seconds to do a graceful shutdown of errant connections, or instead simply suspend them.

Either way it gives a simple option better than "let wireless hackers give me the proverbial salami". :D

Kagetenshi
post Aug 22 2005, 05:25 PM
Post #39

There's also the issue that in general it should be assumed that an intrusion isn't identified in the course of normal decking. Active Alert is the earliest point I'd consider intrusion to be confirmed.

~J

BitBasher
post Aug 22 2005, 05:27 PM
Post #40

QUOTE (Kagetenshi)
There's also the issue that in general it should be assumed that an intrusion isn't identified in the course of normal decking. Active Alert is the earliest point I'd consider intrusion to be confirmed.

~J

I was also thinking in cases where my sec team is shooting at someone. I wasn't thinking about silent intrusions, this doesn't really apply in that case. :)

Nerbert
post Aug 22 2005, 05:28 PM
Post #41

QUOTE (Kagetenshi @ Aug 22 2005, 12:09 PM)
Your point that elite deckers aren't anymore, sadly, stands.

I don't understand why people are sad about the apparent lack of "l33tness" in SR4 characters. (This statement is off topic and no one needs to respond to it.)

Kagetenshi
post Aug 22 2005, 05:28 PM
Post #42

Ah, I see. Yes, I could see that happening in those cases, especially if a wireless network is present.

Nerbert: you don't understand why we're sad that legends in their own time are now marginally better than everyone else?

~J

blakkie
post Aug 22 2005, 05:34 PM
Post #43

QUOTE (Kagetenshi @ Aug 22 2005, 11:28 AM)
Nerbert: you don't understand why we're sad that legends in their own time are now marginally better than everyone else?

Yes, it's sad when the hero gets grit on his chrome pedestal, leading to him appearing mortal.

booklord
post Aug 22 2005, 05:40 PM
Post #44

QUOTE
In SR4 FastJack MAY roll 2 or so more dice than everyone else. Elite hackers are no longer so.


Exceptional skill quality (hacking) (7)
plus
Exceptional attribute quality (edge) (7)
plus
Logic 6

would still make FastJack someone who could toast most matrix systems.

( 20 exploding dice on a single matrix test. If I'm not mistaken. Seven times between each refresh )

Nerbert
post Aug 22 2005, 05:42 PM
Post #45

QUOTE (Kagetenshi @ Aug 22 2005, 12:28 PM)
Nerbert: you don't understand why we're sad that legends in their own time are now marginally better than everyone else?

More to the point, I don't see why "legends in their own time" ever existed at all (I don't mean that they shouldn't exist, just that they shouldn't necessarily be any more than marginally better than everyone else). In the real world people like FastJack and Cpt. Chaos are legendary precisely because of the nature of Legends. Someone did something somehow and the details get lost in the braggadocio. Check out the Firefly episode Jaynestown for the kind of thing I'm talking about. (Heh, check it out anyway, it might be one of the best pieces of television ever written.) Quick summary, a man steals a lot of money from a work crew boss, he's flying overhead with the money, his ship is damaged and he has to push the money over the side in order to make good his escape, the money falls on the enslaved workers and afterward they revere the man as a hero even though he was really just a thief who would have kept the money for himself.

blakkie
post Aug 22 2005, 05:47 PM
Post #46

QUOTE (booklord @ Aug 22 2005, 11:40 AM)
QUOTE
In SR4 FastJack MAY roll 2 or so more dice than everyone else. Elite hackers are no longer so.


Exceptional skill quality (hacking) (7)
plus
Exceptional attribute quality (edge) (7)

would make FastJack someone who could toast most matrix systems.

I think it would be Exceptional Attribute (Logic) for Logic (7), likely the appropriate attribute though maybe there are others, plus Lucky to give him Edge ( 8 ) if he is human. For some reason I always thought of Fastjack as human, but now that I think about it more I'm not sure there is any direct canon evidence of his metahuman status.

EDIT: Given past min-maxing rules I suppose he would be a blind albino elf or something. ;)

BitBasher
post Aug 22 2005, 05:51 PM
Post #47

QUOTE (booklord)
QUOTE
In SR4 FastJack MAY roll 2 or so more dice than everyone else. Elite hackers are no longer so.


Exceptional skill quality (hacking) (7)
plus
Exceptional attribute quality (edge) (7)
plus
Logic 6

would still make FastJack someone who could toast most matrix systems.

( 20 exploding dice on a single matrix test. If I'm not mistaken. Seven times between each refresh )

Yep, and that's what, two dice better (if that) than a starting jackass can get for just penciling it in on a character sheet.

In the real world there are people out there that are more than a tad more competent than Joe jackass, but in SR4 the degree of competency of Wayne World Class over Normal Joe is shockingly Jack Squat.

It's just annoying for a starting character to be able to say "Hey, if anyone can beat me in melee it will only be dumb luck, I'm literally and provably the best in the world."

nezumi
post Aug 22 2005, 06:11 PM
Post #48

*sigh* Stupid boss made my post late. I'll put it up anyway.

Keep in mind, security is based on three things: Confidentiality, Integrity and Availability. A hostile decker may threaten all three, but shutting down certainly threatens the lattermost. In many cases, it will not be preferable, especially when you can throw IC at it, shut down particular parts, or keep the decker busy for a few more seconds until your own deckers get in to deal with him.

In any cases where availability is the most important aspect of the system's security, shutdowns will be far more unusual compared to other methods. Of course, if the question is confidentiality or integrity above all (such as a research server), shut down may be pretty close to top of the list.

Rolemodel
post Aug 22 2005, 09:42 PM
Post #49

QUOTE (BitBasher)
Yep, and that's what, two dice better (if that) than a starting jackass can get for just penciling it in on a character sheet.

...And years of acquiring resources, contacts, equipment, etc.

Which, apparently, can add up.

It almost sours my stomach to use a 3rd edition D&D example, but you'll note that a +5 l337-Longsword-Of-Floofy-Elfishness is a lot better than your run of the mill Shortsword.

Especially if you know some people that can enchant it with Floofy-Elf slaying.

SR4 equivalent? Whiz Deck-erm-Hacking gear, plenty of pull inside the shadows, a dominatingly powerful reputation, and years of knowledge acquiring the, as they say, tricks of the trade.

counterveil
post Aug 23 2005, 01:02 AM
Post #50

QUOTE (nezumi)
Keep in mind, security is based on three things:  Confidentiality, Integrity and Availability.  A hostile decker may threaten all three, but shutting down certainly threatens the lattermost.  In many cases, it will not be preferable, especially when you can throw IC at it, shut down particular parts, or keep the decker busy for a few more seconds until your own deckers get in to deal with him.

In any cases where availability is the most important aspect of the system's security, shutdowns will be far more unusual compared to other methods.  Of course, if the question is confidentiality or integrity above all (such as a research server), shut down may be pretty close to top of the list.

Very very good point. Ideally, for each host (or host type, or groups of host types, etc.) there will be a policy. This policy will be well-known to anyone on the level1 reaction (NOC) staff. Even better, the policy will be applied by automated systems that are able to make responses based on heuristics or logic-chains. Of course...those automated systems often screw up royally and kill one part of the CIA model (usually the A :P).

Incident Handling is a very very touchy subject and in doing any research into the topic you will find various means of dealing with this. Some orgs choose the 83-page document that covers every possible means of reaction to intrusion, others will go with a general reaction process document around the size of 15 pages. It's all dependent on what fits your organization best, and how you choose to deal with an incident. Some will contact the authorities, others will not, etc.

As a security professional these days you will find yourself part techie, part project manager, part legal professional, and part researcher. I don't imagine it will be much different in the SR timeline.

Back to topic - wireless networks...as far as general access to corporate/gov networks I'm sure wireless is totally ubiquitous. However, at a secure facility it would practically be suicide to make any secure host (i.e. server, NAS or SAN) directly available on this wireless network. I'd imagine they would all be wired, behind so many firewalls, semi-intelligent intrusion detection and/or prevention devices, that access to them would be pretty difficult without the necessary permissions.

As much as anyone says Defense in Depth (or the "castle theory", or "layered security", or whatever you want to call it) is dead, it will always be applicable just as it has been since the first wooden stakes were put up around sheep.

Generally accessible servers (i.e. web servers running over ubiquitous and compromisable ports) will always be in a lower-security segregated subnet (and maybe even accessible wirelessly), while the servers with the real jewels will be wired, in a secure physical location and - one would hope - with the best host-based security money can buy.

Oh, ok all that in an ideal situation. Given budgetary considerations I'm sure that only a few, select installations are like this. And the Safeway on XXX and XXX streets is not one of them ;)