Full Version: Comlinks at Work
Orb
The rules tell us that people use their comlink for just about everything - it's their interface for working, communication and entertainment. Here's an example that I need help to understand.

Joe Wageslave is at home with his comlink on running on a public network in passive mode. I think we all agree that if you know Joe's commcode #, you can hack his comlink. My first question is what if you know his commcode and he's in hidden mode? I assume that the comlink appears to be off but that a successful "Matrix Perception" would let you know that he's actually just hiding. Sound reasonable?

The next part of my problem happens when Joe Wageslave goes to work in the morning. Let's say Joe works for an AA corp in a large complex that has its own private wireless network. Is Joe's (and every other employee's) comlink not a huge security flaw? Theoretically just by knowing Joe's commcode anyone could hack his comlink and spy on his work. Joe's comlink should be much easier to hack than the corporate network.

My idea for a solution to this is that while at work, Joe's comlink subscribes to the corporate network and not the public one. The corporate network allows legitimate traffic through (i.e. phone calls and email) but denies all other access. If you wanted to hack Joe's commlink while he is at work, you'd then have to first get through the corporate firewall.

Does this sound reasonable? Am I on the right track?
Liper
QUOTE
Theoretically just by knowing Joe's commcode anyone could hack his comlink and spy on his work. Joe's comlink should be much easier to hack than the corporate network.


At work, the operational range of the commlink would likely be contained within the building. Which means you'd need to get into the building to do such a thing.

Second, most buildings that are easy to get into, you're not going to find much useful information, ah look joe wageslave is filing another tps report....

Third, security decker(s) would likely be monitoring activity for unusual bandwidth usage etc.
RunnerPaul
Your reasoning is sound. Keep in mind however, that the human element is always the weakest link in any security plan.

Sure, the office building may be set up so that inside the building, you can only access the corporate network, and not the public grid, but maybe Joe's on his lunch break and wants some outside access for whatever reason (His company blocks access to the sports news sites, and he wants to check the latest scores for his Urban Brawl team). Joe cracks open a window, slips an antenna on an extension cable outside, and then closes the window back.
Liper
And you still have access to at most what he's seeing, and trust me, people with access to the good paydata, aren't retards that hang an open connection out just to catch the sports.

Also, unless he demands a certain station, most corporations promote a healthy environment for those sorts of things and create their own stations for such things or have a subscribed service for it, (similar to how some companies do today in employee lounges) these are AA and AAA corps we're talking about largely (and less tend to have less paydata)

Having access to his node doesn't mean you have access to anything good regardless.

You've just bypassed one security point out of many.
Sphynx
Heya RunnerPaul, good questions both. Personally, having worked at a Financial Institute, I disagree with Liper suggesting that a retard would be hanging an antenna out like that, I guarantee that would be an almost common practice actually.

However, I believe that Joe's PAN is only going to give info from Joe, not the Corporation. Sure, you could possibly read the precise files he's accessing, but not much more than that, definitely not complete access into the intranet of the company he's working for, or even information he has access to, only to things he's accessing or has stored for data in his own personal PAN.

I don't think you should view him as a back-door, but rather as a limited node. He's great if he's willingly helping you (Ie: agreeing to view the information at a certain time so you can 'view' it over his shoulder), but randomly picking Joes to find information (and hoping they're looking right at the info you want when you hack them) would be more horrendous than just hacking the Corp's network.

Sphynx
RunnerPaul
QUOTE (Sphynx @ Jan 3 2006, 04:40 AM)
Personally, having worked at a Financial Institute, I disagree with Liper suggesting that a retard would be hanging an antenna out like that, I guarantee that would be an almost common practice actually.

I know I'll feel safer about my money in the bank after hearing that.

QUOTE
However, I believe that Joe's PAN is only going to give info from Joe, not the Corporation.
Nodes connect to other nodes. Having gained access to a node, you then can access any other node it's connected to, could you not? That's the whole thinking behind a tiered network design as described in the book.
Sphynx
Financial Institute != Bank. The average person working at a financial institute is little more than a data processor. He takes reports, puts the data into forms that calculate stuff like residual interest and accrued income. My job is to remove the need for him by programming something to do that automatically. So who knows, maybe in 2070 they won't even need such people in buildings.

As for node to node, getting into his PAN only opens a path to the AN of the corp. You'd still have to hack through their firewall from that point. All you've done is put a middle-man where no middle-man was needed.

In today's security, I write stuff like VisualBasic FTP programs to limit access to data. Rather than grant FTP access to that processor guy, I write a program that lets him grab via FTP protocol only 1 of X number of files. So, using today's example, if you got onto his computer, and used it to get on the intranet (assuming you had his passwords, which are accessible if you're a hacker and have hacked into his computer), you'd find you couldn't get on the intranet directly (no shell accounts anywhere), and could only 'read' files that he's allowed access to.

I believe the same thought process applies in the nodes with a PAN. His PAN is today's Laptop. Just because he plugs that network cable into his laptop doesn't mean you get full access to the network he's plugged into. Firewalls prevent that. Best you can do is see what's on his laptop, and if you're lucky, find a program on his laptop that will have the access you need (which is guaranteed not to be shell access unless he's the IT manager or something). And trying to hack from his laptop into the network is a lot harder than hacking into the network via wireless antenna (in today's world anyhows), and hacking directly. Using his Laptop you'd be limited to the processing speed of his laptop, and hope he's not using a lot of that himself.

As such, converting the terminology to PAN, you'd find yourself limited to his System and Response to still hack into the Corp's primary node instead of using your own SotA system.

That make sense? Of course, as seen by my not quoting quotes from the book, this is just my IT Common-Sense speaking, not necessarily by-the-book. Ie: nothing more than a liberal interpretation.

Sphynx
RunnerPaul
QUOTE (Sphynx)
As for node to node, getting into his PAN only opens a path to the AN of the corp. You'd still have to hack through their firewall from that point. All you've done is put a middle-man where no middle-man was needed.

Yes, it would be pretty useless if the company's systems had a homogenous distribution of firewall ratings and other computer security resources throughout, however, in a tiered network structure setup, it's not evenly spread. Instead, the highest rated firewalls and other security measures are concentrated in gateway and chokepoint nodes.

For example, say this company has their system connect to the matrix itself. The node that serves as this gateway is bound to have a top of the line firewall, heavy encryption on that node's links to other nodes in the company's network, possibly a stealth program running in order to turn those links to other nodes into hidden "back doors", and an agent program residing in the node 24/7, running analyze looking for any and all personas logged into the node, and when it finds them, using the analyze program again to find out if that persona logged in with an account that has a passcode that's been properly linked to the passkey that the company issues for its remote telecommuters. In other words, if you were trying to get into the accounting node from the outside matrix, this'd be "a tough nut to crack".

But for the nodes that are behind this gateway node, there's not as much call for such heavy handed measures. The accounting node itself doesn't connect to the outside matrix, and any path in from the outside matrix passes through the heavy security gateway node. It'd be foolish to have no security on the accounting node, but it doesn't have to be as heavy. Reactive IC instead of an Agent running full time on the node. Encryption on a few key files instead of on every connection to every other node in the company network.

Now, in the building itself, there are terminals that connect directly to the accounting node, but with the wifi resistant paint on the outside of the building, you'd actually have to be sitting at one of those terminals to get access that way, which means going past the cameras and armed security guards in the lobby.

That is, until Joe in accounting gets tired of the company policies and dangles that extension antenna out the window. Suddenly, that accounting node that had been optimized for lighter security to promote better workflow, is not as secure as it was before, because the base assumption of "You either have to come through our high security gateway node or be sitting in the building at one of our terminals" no longer completely applies.


QUOTE
As such, converting the terminology to PAN, you'd find yourself limited to his System and Response to still hack into the Corps primary node instead of using your own SotA system.
SR4 seems to be working from an assumption that wireless devices bridge together all connections that get made to them in order to promote mesh networking. In short, you're not so much trying to take over Joe's commlink to stage your attack from there, as you're just trying to access it to be able to access what it's connected to. Joe's commlink doesn't become your new base of operations, it's just another point on your datatrail.
Orb
Thanks all

I agree that by hacking someone's comlink while at work the best you could do is "shoulder surf" and see what files they are accessing. This however wouldn't prevent you from copying or modifying the files, or would it???

So what do you think about my original point?

Is it reasonable that corps would have their employees subscribe to a private network while at work, thus making the comlink inaccessible from the public network?

Of course there's a million ways that an employee could screw up the system.
Chandon
I doubt that workstations are actually obsolete. I see a normal person's commlink as performing the roles of a real world cellphone, wallet, pda, and ultra-portable laptop computer. People in the real world have all those things and still log into a workstation at work. Even telecommuters frequently have dedicated work computers at home.

I see no reason why it wouldn't be possible to extrapolate from the PAN centered around a commlink to a VPN centered around a workgroup server. In this setup, each workstation on the VPN is configured to only access the matrix through an encrypted channel to the workgroup server. In order to mess with a workstation, you either need to find the user breaking the security policy by setting up an insecure matrix connection, hack the workgroup server, or Decrypt the VPN link and then use Spoof to trick the workstation into thinking that you're the workgroup server (the other way around is interesting too).

Commlinks could be VPN nodes too, in which case all the comm traffic would be routed through the workgroup server. Ack! Employers would log all their employees' cellphone calls.
RunnerPaul
QUOTE (Orb)
Is it reasonable that corps would have their employees subscribe to a private network while at work, thus making the comlink inaccessible from the public network?

More than reasonable. It's probably standard business practice.
hobgoblin
That way you can track their email++
kigmatzomat
I envision the "standard" corporate scenario being thusly:

Bob W. Slave gets up in the morning when his Comm tells him to and takes a shower. Over breakfast he checks the email that was forwarded to his comm. His email is all encrypted by the corporate system so he has to decrypt them first. Being a lower-echelon slave, the encryption probably isn't necessary but the corporation doesn't see the point in having multiple systems to support. Bob's comm can't run the required level of encryption so he's not able to access the company's network remotely or even reply to his email.

His office is in a shared megaplex rather than one of the big arcos so he stays on the public phone system until he steps through the office doors. The wireless shielding blocks out everything but his company LAN. The company requires encryption on all wireless communication with the servers. Given Bob's barely-adequate Comm he's limited to making calls to the outside world and some websurfing, and even that goes through the company firewall.

Logging into the network causes the security doors to open, letting him get to his cubicle farm. Except they got rid of the cubicles a few years back; AR makes the walls redundant. He grabs a cup of soyacaf and sits in his surprisingly comfortable chair. He was surprised when he got out of college that the chairs were so nice until he realized that pain is a distraction that lowers productivity and a chair is relatively cheap.

He sets his comm into its docking cradle (wired connection) at which point it becomes little more than a gateway to the corporate network. Bob makes sure his peripherals are still set to minimum range (Signal 0). If he was on a more secure floor he'd need even his peripherals to be encrypted or skinlinked but as a general paper pusher the physical security was considered sufficient. The world shivers a bit as it loads his corporate approved AR interface (Private Jr. Office/Quiet Music/No Plants/Small Window). Bob hops onto the TPS node and gets to work. Bob does lots of TPS reports. He's secretly happy about the AI meltdown a few years ago since it killed the TPS AI project. Bob never actually loads a TPS report onto his comm; all the data stays on the server. Not that Bob would want to keep a TPS report.


Steve is one of Bob's friends. Steve works on time-critical applications that sometimes require remote access, so he has a comm able to handle the encryption. Steve's day is similar (wake up, read encrypted email) except that Steve can reply to emails and log onto the corporate network from home or in the car.

When Steve walks into the office he can immediately begin accessing the network. All of Steve's peripherals are skinlinked or encrypted. It doesn't matter when he visits Bob in TPS-land but things are different on his floor. He remembers the time that Simmons accidentally picked up his son's encryption-free earbuds and was visited by a pair of stern security staff when a routine scan detected an unencrypted communication. Simmons was made fun of as much for his choice in Japanese Kawaii pop music as he was for failing to meet corporate security guidelines.

Steve looked around his office in pleasure. Sure, Bob had his VR office, which was almost identical, but it's different when you have real solid walls. Too bad Bob's security level was too low. The only way Bob could visit was through AR or by leaving his comm at the security desk (Bob's firewall did not meet the standard required for devices in that area) and who could get by without a comm?

Steve considered his comm. It was getting near end of life; when he got a new one maybe he'd buy out the old one's lease and give it to Bob as a Wintereenmas gift. Then Bob could finally see the office!

*edited to correct
Talain
QUOTE (Orb)
Is it reasonable that corps would have their employees subscribe to a private network while at work, thus making the comlink inaccessible from the public network?

Of course there's a million ways that an employee could screw up the system.

If it's within signal range and not interfered with, you can hack it, regardless of what 'network' it's on. The wonders of the WiFi age.

Even better, you can hack it and proxy your hacking on the corp server through it, pinning the blame on john q. wageslave.
hobgoblin
Excellent writing there kigmatzomat.
Orb
Kigmatzomat, thanks. Your explanation is excellent and more or less the way I was starting to think.
Talain
QUOTE (kigmatzomat @ Jan 4 2006, 08:51 PM)
Steve considered his comm.  It was getting near end of life; when he got a new one maybe he'd buy out the old one's lease and give it to Bob as a Wintereenmas gift. Then Bob could finally see the office!

First, I like the narration. It gives off the very consumerist mood of SR4 nicely.

Second, boom, security hole. Hack Bob's 'brand new' firewall authorized commlink when he's on the way to work, upload an agent to download the paydata when Bob goes to see Steve's office. With any luck, such a routine operation won't be seen as anything out of the ordinary*, since the source machine has the operating rights. When Bob leaves, the Agent sends the data to a pre-arranged location and deletes itself.

Even if it gets spotted there's no digital fingerprints, and Bob takes the fall for poor security consciousness.

*You can have all the information in the world, analysis can't be done by machines, it requires man-hours...and man-hours are nuyen not going to pad board members' wallets!
RunnerPaul
QUOTE (kigmatzomat @ Jan 4 2006, 03:51 PM)
The company requires encryption on all wireless communication.  Given Bob's barely-adequate Comm he's limited to making calls to the outside world and some websurfing, and even that goes through the company firewall.

The part about the company requiring encryption on any wireless transmissions in the building is good, but this raises an interesting issue.

When Bob gets to his chair and docks his comm to access the corporate system, the comm and the corporate host are using wired communications, but what about the wireless links between Bob's comm and his peripheral devices such as goggles and earbuds? Does he have to wire everything up? I figure that since Bob can't afford a better comm, skinlinked peripherals may also be out of his pricerange.

The reason this is important, is that while the Encrypt program that encrypts the data that gets sent to Bob's goggles to generate the AR overlay is running on the horsepower of the company server, Bob needs to be able to enter the proper password to decrypt the signal being sent to his goggles. He can't enter the password on the goggles themselves, as they have no meaningful User Interface for input; they're designed to have input passed to them via comm from another device.

So the question is, is the limited encryption on wireless that Bob's comm is capable of generating, which the company says is only sufficient for Bob's personal activities, enough to protect from eavesdropping the passcode that unlocks the stronger encryption scheme that the company's system generates?
PlatonicPimp
I think it has just as much to do with Bob's peripherals signal range being 2 meters.
RunnerPaul
QUOTE (PlatonicPimp @ Jan 4 2006, 08:16 PM)
I think it has just as much to do with Bob's peripherals signal range being 2 meters.

You mean 3m. Even something with a Signal 0 has a range of 3m.

Though that raises an interesting question. Just what is the Signal rating of your off-the shelf set of AR gloves/goggles/ear buds? Looking at the Signal Rating Table, Intra-PAN Devices is on the line for Signal 0, and I'd say these are classic examples of Intra-PAN devices.

However, the equipment chapter says that AR Gloves have a Device Rating of 3, which by the rules as written means they have Signal 3 also. This is supported by the table listing device ratings for Sample Devices, which lists standard personal electronics at 3 also.

Of course, this isn't the first time this has come up (see the infamous credstick transmitter thread), and is just another good reason to divorce Signal from Device Rating.

As for the limited range of a very low signal peripheral being a protection against eavesdropping passwords for high level encryption that are being transmitted under a low level encryption, I'll buy that. Just means the runners would have to get within 3m to "shoulder surf" Joe's password, which sets up some interesting situations.
PlatonicPimp
And interesting situations are the point, no?
RunnerPaul
Going back to something earlier in the thread, the fact that the cubicle farm has no more cubicles.

Would WiFi inhibiting cubicle walls be feasible? You could cut down that 3m distance that your wireless peripherals are vulnerable to eavesdropping down to something a lot smaller. Of course since all you need is a chair and a docking station, these cubicles could be absolutely claustrophobic: 1m by 1.5m should do the trick.

Of course, since they aren't full height walls, a spiderdrone crawling on the ceiling would be able to trace line of sight to an employee's comlink and avoid the WiFi shielding, but it deters casual "walk-by" signal eavesdropping.

It's probably overkill for the lowest tier of security, but for those employees who handle slightly sensitive data that you don't want to blow a full office on, it'd seem like a good option.

Besides, I kind of like the idea of coffin-cubicles.
TheScrivener
Would you even be able to get the password at that range? The low-level encrypted information in that situation would simply be display information, sent to the glasses, datajack, earbuds, whatever. The encryption, firewall, everything security-related would presumably be handled automatically between the commlink and the wired connection, and any connection with the comm would still need high level encryption access, right? So shoulder-surfing within 3m, sure, but that still wouldn't get you root on his link.
RunnerPaul
QUOTE (TheScrivener @ Jan 5 2006, 04:20 AM)
Would you even be able to get the password at that range?  The low-level encrypted information in that situation would simply be display information, sent to the glasses, datajack, earbuds, whatever.

It comes down to whether or not you think the act of entering the password would get the benefit of the higher level encrypt. To me, that seems like letting someone benefit from an encrypted communications link before they've proven that they're authorized to access it. However it does seem like a rather obvious security hole.

Then again, if all the security holes were plugged tight, SR probably wouldn't be as fun.

One thing to consider. If password entry to access an encrypted link is allowed to be protected by the encryption on the link, conceivably, someone could repeatedly enter wrong passwords down the link as an alternative to transmitting data down the link in the proper manner.

In the end, it's a question of which one is the more interesting scenario: A brief window of opportunity where a determined electronic eavesdropper can swipe a password, or encrypted links that can be exploited for one way traffic use.

Maybe even there's a chance that both could peacefully co-exist. Either by having different versions of Encrypt handle it differently, or by having it be an option the user chooses when he runs the encrypt on a communications link.
Moon-Hawk
QUOTE (RunnerPaul)
Though that raises an interesting question. Just what is the Signal rating of your off-the shelf set of AR gloves/goggles/ear buds? Looking at the Signal Rating Table, Intra-PAN Devices is on the line for Signal 0, and I'd say these are classic examples of Intra-PAN devices.

However, the equipment chapter says that AR Gloves have a Device Rating of 3, which by the rules as written means they have Signal 3 also. This is supported by the table listing device ratings for Sample Devices, which lists standard personal electronics at 3 also.

Yes, but once you implement the optional rules from Unwired that reduce your signal for being in a high-traffic area or sunspots or whatever, then round down to the next whole number, you'll still have a signal left so the device will still work.
(for the record, I'm no one important and I'm totally guessing about optional rules from Unwired, or whatever the matrix book is going to be called)
kigmatzomat
QUOTE (Talain)
QUOTE (kigmatzomat @ Jan 4 2006, 08:51 PM)
Steve considered his comm.  It was getting near end of life; when he got a new one maybe he'd buy out the old one's lease and give it to Bob as a Wintereenmas gift. Then Bob could finally see the office!


Second, boom, security hole. Hack Bob's 'brand new' firewall authorized commlink when he's on the way to work, upload an agent to download the paydata when Bob goes to see Steve's office. With any luck, such a routine operation won't be seen as anything out of the ordinary*, since the source machine has the operating rights. When Bob leaves, the Agent sends the data to a pre-arranged location and deletes itself.

Even if it gets spotted there's no digital fingerprints, and Bob takes the fall for poor security consciousness.

Ehh, this is the same as hacking Steve's comm. Unless you are saying that Steve is the one installing the agent. Plus, the comm would be using Bob's network access rather than Steve's. While it does provide an "in" for the Agent, it starts in TPS land. If you can hack the hand-me-down-from-Steve comm, why not just hack Steve's comm and get Remote Ops level permissions?

I'm glad y'all enjoyed my little story.
kigmatzomat
QUOTE (RunnerPaul)
QUOTE (kigmatzomat @ Jan 4 2006, 03:51 PM)
The company requires encryption on all wireless communication.  Given Bob's barely-adequate Comm he's limited to making calls to the outside world and some websurfing, and even that goes through the company firewall.

The part about the company requiring encryption on any wireless transmissions in the building is good, but this raises an interesting issue.

When Bob gets to his chair and docks his comm to access the corporate system, the comm and the corporate host are using wired communications, but what about the wireless links between Bob's comm and his peripheral devices such as goggles and earbuds? Does he have to wire everything up? I figure that since Bob can't afford a better comm, skinlinked peripherals may also be out of his pricerange.

Sorry, PEBCAK on my part. I lost a line that says "Bob's low-security floor does not require skinlinked/encrypted peripherals as long as they remain at Signal:0" while I was editing on the fly.

I'll go fix that.

As for why goggles/gloves have rating 3, I can see times where you might want the extra range. Multiple people gaming through a single comm, watching DRMd movies, possibly sharing a BTL with multiple trodes, or just being able to punch through low-level interference.
Talain
QUOTE (kigmatzomat @ Jan 5 2006, 03:31 PM)
Ehh, this is the same as hacking Steve's comm.  Unless you are saying that Steve is the one installing the agent.  Plus, the comm would be using Bob's network access rather than Steve's.  While it does provide an "in" for the Agent, it starts in TPS land.  If you can hack the hand-me-down-from-Steve comm, why not just hack Steve's comm and get Remote Ops level permissions? 

I'm glad y'all enjoyed my little story.

You don't hack Steve's comm because you can't get in the building or get through the WiFi shielding on the walls, and despite the hardware's encryption being the same, Bob is much less security conscious than Steve, and probably lives in a part of town that has significantly fewer resources to prevent an illicit hack, being a john q. wageslave.

Further, since Steve has access to valuable paydata, the security staff will be paying much more attention to activity coming from his Comm when they analyze the records, because he has access to things valuable enough to steal. They can't analyze every comm's activities, and obviously the hardware security is more than enough to keep a wage-slave without any access from messing with important files, since they already know none of them are hackers...

Hardware efficiency breeds wetware complacency.
kigmatzomat
QUOTE (Talain)

QUOTE (Talain)

Second, boom, security hole. Hack Bob's 'brand new' firewall authorized commlink when he's on the way to work, upload an agent to download the paydata when Bob goes to see Steve's office.


QUOTE (kigmatzomat @ Jan 5 2006, 03:31 PM)

Ehh, this is the same as hacking Steve's comm. 


You don't hack Steve's comm because you can't get in the building or get through the WiFi shielding on the walls, and despite the hardware's encryption being the same, Bob is much less security conscious than Steve, and probably lives in a part of town that has significantly fewer resources to prevent an illicit hack, being a john q. wageslave.

Further, since Steve has access to valuable paydata, the security staff will be paying much more attention to activity coming from his Comm

You said hack Bob's comm on the way in to work. I would be surprised if Bob's route to work is really all that less secure than how Steve gets to work. Plus, Steve is a wageslave too, he's just one with higher access. I will agree Steve probably practices safer computing than Bob out of professional habit so an agent could likely get by longer without being noticed by Bob.

As to the security system, it shouldn't bother tracking specific devices as much as being a gatekeeper. In other words, the security system doesn't specifically watch Steve any harder than Bob. It does however, watch the Remote Ops servers harder than it does the TPS server and it watches the Remote Ops offices harder than it watches the TPS cube farm.

If all you need is TPS reports, hey, Bob's your patsy. Getting into the Remote Ops server will be harder using Bob's account than Steve's privs. I wager it would be harder to access other nodes from Bob's account simply b/c Steve would start with a higher security level on the network (aka security vs. user) making life that much easier.

Talain
I would think that it should be tracking specific devices harder than others, to prevent data theft! After all, if a comm with access to paydata starts exploding with activity, it might very well be downloading some of it to sell to some guy offering meganuyen for industrial espionage, while if a comm with no access starts exploding with activity, he's probably just downloading porn.

I'd say it'd certainly be easier to get in through Steve, but Bob is less likely to be noticed...and more importantly you can code an agent to get you through any security protecting the paydata, but you can't stop them from monitoring activity. It'd be a -harder- way in, but I'd argue a safer one and more likely to net you a bonus from your employer for getting them the data without them being put on alert.
kigmatzomat
QUOTE (Talain)
I would think that it should be tracking specific devices harder than others, to prevent data theft! After all, if a comm with access to paydata starts exploding with activity, it might very well be downloading some of it to sell to some guy offering meganuyen for industrial espionage, while if a comm with no access starts exploding with activity, he's probably just downloading porn.

I'd say it'd certainly be easier to get in through Steve, but Bob is less likely to be noticed...and more importantly you can code an agent to get you through any security protecting the paydata, but you can't stop them from monitoring activity. It'd be a -harder- way in, but I'd argue a safer one and more likely to net you a bonus from your employer for getting them the data without them being put on alert.

Monitoring devices is by far the harder part. It's simpler to just protect the paydata. The SR matrix rules bear this out.

Here are the two scenarios:

Agent loaded on Bob's Comm: The agent starts with Bob's "user" level privs. To reach the "paydata" it will need to run a data search first, likely discover there's nothing valuable in Bob's access list, and proceed to hack into a higher class of network; Remote Ops. It has the luxury of "probing" the network to gain access (Bob's at work for 8 hours). It is unlikely that the low security TPS network will have roaming IC that scan the comms but it isn't entirely impossible. As long as it can coax out a password before Bob heads out to lunch it doesn't have to leave the safety of his comm but it is possible it might need to venture out to the network where it could be detected by analyze IC on the servers.

Assuming the firewall doesn't recognize the bogus login, the agent has Remote Ops access and does another data search. Maybe the data's here, maybe it's another level higher.


Scenario 2 Agent loaded on Steve's Comm: The agent has to contend with Steve running an Analyze on the comm to notice its existence but otherwise the agent begins with Steve's privs on the Remote Ops level. It can begin data searching on the Remote Ops and TPS servers with little risk of discovery. Maybe the data's here, maybe it's another level higher.

The results from Steve are hours earlier and at much lower risk, IMO.
Talain
Well the time is irrelevant. You can't retrieve the agent's download until they leave work anyway.

I'm not worried about what the Agent has to do, as you can program for that, what I'm worried about is a security monkey going over the bandwidth logs and spotting unusual activity from Steve's comm (I believe there's a program for that) and raising an alert. But then I'm assuming that if they have any paydata they're going to be actively watching everyone with access to make certain they don't sell it for ridiculous (for a wageslave) sums of nuyen. For that same reason; you can program around any static firewall or IC defense.

But if you can't keep an eye on everyone because it's expensive, why bother keeping an eye on the activity of those who don't have the opportunity to do it?

I'm just extrapolating from modern corps, who already start from the assumption that their workers will screw them whenever they can. SR corps will do the same thing, and have much better ways to curtail their privacy.
Chandon
QUOTE (RunnerPaul)
So the question is, is the limited encryption on wireless that Bob's comm is capable of generating, which the company says is only sufficient for Bob's personal activities, enough to protect from eavesdropping the passcode that unlocks the stronger encryption scheme that the company's system generates?
...
In the end, it's a question of which one is the more interesting scenario: A brief window of opportunity where a determined electronic eavesdropper can swipe a password, or encrypted links that can be exploited for one way traffic use.

In real world cryptographic systems, establishing a secure encrypted link using a password without exposing that password is, realistically, a solved problem. In fact, even if you broke the encryption on the resulting secure channel you wouldn't get the password.

Now, snooping a wireless input device for the password is a clever attack that requires a good chunk of effort and will probably work great, but there's no reason to assume that the Encrypt program itself has horrible security holes that make it crappier than the book implies. Hell, as written now any decrypt program will break any encrypt program in trivial time.
kigmatzomat
QUOTE (Talain)
Well the time is irrelevant. You can't retrieve the agent's download until they leave work anyway.

I'm not worried about what the Agent has to do, as you can program for that, what I'm worried about is a security monkey going over the bandwidth logs and spotting unusual activity from Steve's comm (I believe there's a program for that) and raising an alert.

But if you can't keep an eye on everyone because it's expensive, why bother keeping an eye on the activity of those who don't have the opportunity to do it?

Most corporations IRL don't do things like logging traffic unless they do it company wide. The expense is in getting the base system in place and having the skilled manpower. Once you have those it is trivial to expand the scope of the system. Same reason Bob's email is encrypted even though he doesn't need it.

If they do monitor network usage in the year 2070 they will be using advanced heuristics. Steve's daily usage will probably be both higher and more irregular than Bob's so the agent has more leeway from Steve's account than Bob (+/-5% of 1000Mp is bigger than +/-5% of 500Mp) plus Steve, as a remote operator, will likely also have a broader operational profile, meaning it is normal for him to occasionally connect to a number of machines across the network. Bob, however, never connects to anything but TPS and his workload is very consistent so any variance will stand out in stark contrast.

Time is definitely a factor for the agent. If it tries to fast-hack to a higher security grade there is little chance it will get the data out successfully via Bob/Steve if it triggers an alert. Probing is the way to go and it could well take several hours to weasel out a login from one network. If the agent is almost ready to get access to the PayData server when Bob's ready to go home the agent will have to start over in the morning.

Using Steve's account he'd be at least one level deeper into the system right from the start, possibly making the difference between a 1-day and a 2-day hack. That second day increases the risks both for the Paydata server noticing the probing and, if any usage logging is done, that an Analyze IC is deployed after noticing 2 straight days of unusual activity. (Note that IMO Analyze IC is as much an HR tool as security. Playing Everhack at work is bad, mmmmkay.)
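The per-account usage heuristic discussed in the post above, as an added sketch that is not part of any post in the thread: each account gets a baseline built from its own history, and a day is flagged when its volume or the hosts it touches fall outside that baseline. The z-score test stands in for the post's +/-5% band, and the histories, host names and threshold are constructed assumptions.

```python
from statistics import mean, stdev

Z_LIMIT = 3.0  # assumed alert threshold, in standard deviations


def build_profile(history):
    """history: list of (daily_volume_mp, hosts_contacted) for one account."""
    volumes = [volume for volume, _ in history]
    hosts = set()
    for _, day_hosts in history:
        hosts.update(day_hosts)
    return {"mean": mean(volumes), "stdev": stdev(volumes), "hosts": hosts}


def review_day(profile, volume_mp, hosts):
    """Return the alerts one day's activity raises against the profile."""
    alerts = []
    spread = profile["stdev"] or 1.0  # flat history: avoid dividing by zero
    z = (volume_mp - profile["mean"]) / spread
    if abs(z) > Z_LIMIT:
        alerts.append(f"volume z-score {z:.1f}")
    unseen = sorted(set(hosts) - profile["hosts"])
    if unseen:
        alerts.append("new hosts: " + ", ".join(unseen))
    return alerts


# Constructed histories: Bob is steady and only ever talks to the TPS
# server; Steve's volume swings widely and he touches several machines.
HISTORY = {
    "bob": [(500, ["tps"]), (505, ["tps"]), (495, ["tps"]),
            (502, ["tps"]), (498, ["tps"])],
    "steve": [(1000, ["tps", "remote-ops"]), (1150, ["remote-ops", "drone-7"]),
              (850, ["remote-ops"]), (1100, ["tps", "remote-ops", "drone-3"]),
              (900, ["remote-ops"])],
}

# Constructed day under review: both accounts move 60 Mp more than usual
# and both connect to the Remote Ops server.
TODAY = {
    "bob": (560, ["tps", "remote-ops"]),
    "steve": (1060, ["tps", "remote-ops"]),
}


def run(today=TODAY):
    profiles = {user: build_profile(days) for user, days in HISTORY.items()}
    return {user: review_day(profiles[user], volume, hosts)
            for user, (volume, hosts) in today.items()}


if __name__ == "__main__":
    for user, alerts in run().items():
        print(user, alerts or "no alerts")
```

The same extra 60 Mp and the same Remote Ops connection raise two alerts on Bob's account and none on Steve's, so a monitor built this way needs separate controls on the paydata itself for accounts whose normal profile is broad.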
Dumpshock Forums © 2001-2012