GrinderTheTroll
Sep 1 2006, 05:22 PM
Ok, so you hack Corporation X with Administrator access, and trip a system alert. How much control do you allow with your Admin access? Does your 'Legit' Admin/Security user have the ability to cancel the alert? If not then who does? For that matter, who "controls" the IC's return/deployment into the system? User action or just programmed autonomy?
I know none of this is really explained in Core rules, but I am curious how much control you grant to your Admin/Security/Personal users in your various Matrix Systems. Obviously the more paranoid the system, the harder it tends to be for any one person to affect too much at once, but someone usually does wield that power.
Thanks for your opinions,
~GTT
Geekkake
Sep 1 2006, 05:48 PM
The way I play it, any alerts would automatically send a message to the system administrator. The real one, directly to their commlink. Thus, while the intruder could cancel the alert and buy themselves a little time away from ice, they can no longer linger with immunity.
GrinderTheTroll
Sep 1 2006, 06:04 PM
QUOTE (Geekkake) |
The way I play it, any alerts would automatically send a message to the system administrator. The real one, directly to their commlink. Thus, while the intruder could cancel the alert and buy themselves a little time away from ice, they can no longer linger with immunity. |
But if you have Admin access, wouldn't you also have permissions to do what all Admins can do? I am playing devil's advocate here, but couldn't a player try and hack "that other" type of Admin access too?
Geekkake
Sep 1 2006, 06:06 PM
QUOTE (GrinderTheTroll @ Sep 1 2006, 01:04 PM) |
QUOTE (Geekkake @ Sep 1 2006, 10:48 AM) | The way I play it, any alerts would automatically send a message to the system administrator. The real one, directly to their commlink. Thus, while the intruder could cancel the alert and buy themselves a little time away from ice, they can no longer linger with immunity. |
But if you have Admin access, wouldn't you also have permissions to do what all Admins can do? I am playing devil's advocate here, but couldn't a player try and hack "that other" type of Admin access too?
|
If you knew beforehand that the routine was in place to send the notification to a specific commcode, I see no reason you couldn't change it. Of course, you'd have to know it was there. And I guess you could change it to your own commcode, if you don't mind that whole "exposure" thing.
[edit]: I see what you're saying, here, and I think there's some confusion. I'm not saying Admin access on a node is any different between different admins. There's simply a script in place that sends an alert notification to a specific commcode set in the script. That commcode happens to belong to the actual system administrator on the payroll.
deek
Sep 1 2006, 06:11 PM
I agree with Geekkake on this one. I would even go so far as to having e-mails or whatnot sent to all admins, including the hacker that just gained that access. So, he could certainly be aware of what the alert really triggered, but he can't stop another admin from coming in and "dealing" with 'em.
Once an alert is triggered, the node is aware, IC may be called, but a ton of other notification is going to be sent out...so while the hacker may have admin access now, his time is certainly limited, so he better get out quick!
GrinderTheTroll
Sep 1 2006, 06:22 PM
QUOTE (deek) |
I agree with Geekkake on this one. I would even go so far as to having e-mails or whatnot sent to all admins, including the hacker that just gained that access. So, he could certainly be aware of what the alert really triggered, but he can't stop another admin from coming in and "dealing" with 'em.
Once an alert is triggered, the node is aware, IC may be called, but a ton of other notification is going to be sent out...so while the hacker may have admin access now, his time is certainly limited, so he better get out quick! |
So the underlying question is, what is the difference between a Hacked Admin and a real Admin? Is there in your systems? Do you specify between different types of Admins in your systems?
If you say alerts are sent to Admins, and the Hack Admin knows, then should he also have the ability to cancel them? If not, then who does cancel them? If the answer is "another Admin" then why can't the Hacker do that as well since he is also an Admin?
DireRadiant
Sep 1 2006, 06:27 PM
The way systems are designed is up to you.
If you've set things up so that if an Admin account is "hacked" or logged into during an Alert so that notifications are sent to other commlinks, then the difference between the "Real" admin and the "Hacked" is that the "Real" admin also has access to the other accounts and can react accordingly. The Hacker will have to go "Hack" the other account... after they find it, if they know to look for it. e.g. I'd have to check security logs etc which all takes time.
Consider it from the point of view of the "Real" admin, if they are the ones who logged in during an alert, they will know full well when they receive the notification on their other system that it's no big deal. Whereas if they haven't logged in during the alert, when they get that notification, they most certainly might come looking.
Geekkake
Sep 1 2006, 06:37 PM
QUOTE (GrinderTheTroll) |
QUOTE (deek @ Sep 1 2006, 11:11 AM) | I agree with Geekkake on this one. I would even go so far as to having e-mails or whatnot sent to all admins, including the hacker that just gained that access. So, he could certainly be aware of what the alert really triggered, but he can't stop another admin from coming in and "dealing" with 'em.
Once an alert is triggered, the node is aware, IC may be called, but a ton of other notification is going to be sent out...so while the hacker may have admin access now, his time is certainly limited, so he better get out quick! |
So the underlying question is, what is the difference between a Hacked Admin and a real Admin? Is there in your systems? Do you specify between different types of Admins in your systems?
If you say alerts are sent to Admins, and the Hack Admin knows, then should he also have the ability to cancel them? If not, then who does cancel them? If the answer is "another Admin" then why can't the Hacker do that as well since he is also an Admin?
|
I think explaining the situation in modern terms may bring a little clarification.
One place I worked, the system administrator (the JOB, not the account) had a pager. This was back when pagers were more common than cell phones. If anything went wrong with any of the servers (crashing, very abnormally high CPU usage, sudden bandwidth issues, etc.), he'd get a page, and he'd have to haul his ass out of bed and investigate.
Now, if a 1337 hax0r broke in and started fiddling with the machine enough to cause some kind of alert (as above, crashing servers or applications, CPU usage, etc.), the page was immediately and automatically sent to the system administrator. If the hacker knew about the process, he could theoretically mess with or remove that script once he was logged in as root (equivalent of "admin access").
However, if he didn't know about the script, his being logged in as root didn't stop the system administrator from having the system administrator position at the company, and his pager number being part of that script. The script doesn't care WHO is currently logged in as root, or WHO has the job at the company. It only has a pager number.
deek
Sep 1 2006, 07:17 PM
I don't think there is a difference between hacked admin or "real". But really, if an alert is sent, that doesn't matter. If the hacker wanted to remove that notification they would have to a) find the script that sent the notification as well as the destination and b) hack into the destination node (likely a commlink) and remove the alert email. To have it completely removed, the hacker would have to hope that the other admins hadn't yet had a chance to read the notification...
So, yeah, the hacker, now as an admin, can cancel the alert and edit the script, but the alert has already notified other admins...so, the hacker has the choice of hurrying up and finishing whatever he was doing, or start hacking more nodes to remove the notification, as well as any security logs...which most of the time, a hacker is not going to have the time to do...
Now, if we assume the hacking exploit gave the hacker access to a single existing admin account, then he really wouldn't get a notification, the account's owner would have...
I think the key to all of this is that the hacker would need to do some editing and research before an alert was raised, otherwise, while the hacker now has admin access, the other admins would have been made aware of the breach...as rarely is there only one admin account per host!
It still comes down to how the GM designs the system. I did allow my hacker, one time, to find an outbound notification in queue after he halted an alert. It was a home security system and he got lucky that the monitoring agency didn't get the notification, as he was planning to cancel the alert as soon as he got access...so the timing just worked out. But that does show, he was expecting something to happen before the alert went up...if he didn't think about it, or if the alert was raised a turn or more before he actually broke in, the notification would have already been sent and all he could have done was be aware of it...
GrinderTheTroll
Sep 1 2006, 07:25 PM
QUOTE (Geekkake) |
Now, if a 1337 hax0r broke in and started fiddling with the machine enough to cause some kind of alert (as above, crashing servers or applications, CPU usage, etc.), the page was immediately and automatically sent to the system administrator. If the hacker knew about the process, he could theoretically mess with or remove that script once he was logged in as root (equivalent of "admin access").
|
The way I see it, Hacking an Admin account means 1 of 3 things:
1) You've logged-in as an existing Admin user.
2) You've created an account with Admin rights.
3) You've exploited the system in some way to let you do things like an Admin.
I'm more inclined to side with #3 since SR4 isn't very verbose on the topic and I think more that SR4 uses the Admin/Security/Personal user idea as a convenient way to organize who can do what in the system. So any type of Admin account (Hacked or Legit) can effectively do the same things, whatever you've decided Admin accounts can do.
deek
Sep 1 2006, 07:35 PM
QUOTE (GrinderTheTroll) |
The way I see it, Hacking an Admin account means 1 of 3 things: 1) You've logged-in as an existing Admin user. 2) You've created an account with Admin rights. 3) You've exploited the system in some way to let you do things like an Admin.
I'm more inclined to side with #3 since SR4 isn't very verbose on the topic and I think more that SR4 uses the Admin/Security/Personal user idea as a convenient way to organize who can do what in the system. So any type of Admin account (Hacked or Legit) can effectively do the same things, whatever you've decided Admin accounts can do. |
I agree that those are the three ways I can think of...I disagree with your #3 though...as a Linux guy, everyone HAS to have an account, so there is not a way to be a "nebulous" user and just run rampant. The node has to be able to identify the user in some way...now I am not saying another GM can rule differently, but in my mind, a user account has to exist.
With that said, #2 is not something I would use...as this is not an exploit. You are gaining access to a system, likely as admin or security, then creating a new user (which is bound to set off flags if a new admin has been created) and then login using the new user...that just seems like a lot more steps for an exploit.
So, that leaves us with #1, an existing account. I have had a player hack in to an admin and then create a new account, leave the node then come back as the newly created account. Minus the fact that the account was flagged as a new admin, it worked out pretty well for him...
lorechaser
Sep 1 2006, 07:36 PM
Indeed.
And there is often a difference between admin access, and root access.
There are currently things which can *only* be done from the actual computer, with root access. Were I designing a system, you can damn well bet that "disable notifications" would be one of them.
Back when I was doing system security, we also would do things like strip cabling so that a computer could receive commands, but not report. We used that on our logging machines, so that all the logs could be transmitted to them, but you couldn't log in to them remotely - they would return information along dead cables.
So yeah, I'm fine with saying that the notification is uncancellable, at least in systems with high security.
GrinderTheTroll
Sep 1 2006, 07:52 PM
QUOTE (deek) |
QUOTE (GrinderTheTroll @ Sep 1 2006, 02:25 PM) | The way I see it, Hacking an Admin account means 1 of 3 things: 1) You've logged-in as an existing Admin user. 2) You've created an account with Admin rights. 3) You've exploited the system in some way to let you do things like an Admin.
I'm more inclined to side with #3 since SR4 isn't very verbose on the topic and I think more that SR4 uses the Admin/Security/Personal user idea as a convenient way to organize who can do what in the system. So any type of Admin account (Hacked or Legit) can effectively do the same things, whatever you've decided Admin accounts can do. |
I agree that those are the three ways I can think of...I disagree with your #3 though...as a Linux guy, everyone HAS to have an account, so there is not a way to be a "nebulous" user and just run rampant. The node has to be able to identify the user in some way...now I am not saying another GM can rule differently, but in my mind, a user account has to exist.
|
Which is probably how things work in 2070. The lead-in text prior to the Matrix in SR4.core implies the stolen account only gets them so far inside the facility before they have to hack for better rights.
Thanks again for everyone's contributions here.