Full Version: Speeding Up Hacking
kzt
QUOTE (cetiah)
Why would a hacker be using anything else?

Because it takes priv to access the underlying APIs and kernel calls. Until you have the appropriate rights you can't access useful things like the functions that edit account privileges. Until you have them you have to work via user tools.
Spike
Actually, Ser, as a newcomer to this debate I read the rulebook pretty heavily before posting. While it's poorly organized in many regards, a quick look at the actual hacking rules points out that you have to give yourself permissions with an Edit action if you want account access. It's not missing, a hacker by default doesn't have permissions for all that stuff he's doing unless he takes an action to give himself permissions for later...


at which point, as far as the game is concerned, he's not really hacking any more until he attempts to exceed the permissions he gave himself. Maybe I'm reading too much into it.

Serbitar
QUOTE

a hacker by default doesn't have permissions for all that stuff he's doing unless he takes an action to give himself permissions for later...

Would you please tell me then what the point in hacking in with security or admin access is then, if it doesn't come with the related rights?

And would you quote the passage in question?

To make my statement explicit:
Every hacker automatically has the rights related to the access account he hacked in with. I furthermore suspect heavily that he also is using the account in question, just doesn't have the password, though this is not explicitly mentioned anywhere in SR4.

QUOTE

at which point, as far as the game is concerned, he's not really hacking any more until he attempts to exceed the permissions he gave himself. Maybe I'm reading too much into it.


I would agree. Rotbart would say that you can still be found as a hacker, because you don't have an account, just the rights (so you need to give yourself an account, not only the permissions you mention). Or Frank would say that you can still be found as a hacker, because you didn't delete the log files, and IC would check them.

Feel free to make your own interpretation.
RunnerPaul
QUOTE (cetiah)
QUOTE (RunnerPaul)

So the question then becomes a matter of why a "patrol cycle" even exists in the first place, something that has yet to be explained, from what I've seen. It's not like IC can only look at a part of a node at a time: Matrix Perception Tests are node-wide. It's not like IC has to take a coffee break or visit the crapper. Sure, you have the overhead from the Analyze program running constantly as the IC looks for unauthorized personas, but the benefits of constant surveillance would make this a "no-brainer" choice for all but the lowest-end nodes.

Someone (Synner?) already addressed that the perception-tests are not node-wide. The perception test is made to see if the IC is looking in the particular part of the system you are accessing at the moment as it cycles one at a time through the various files and processes in a system. IC, apparently, can not look at all aspects of the node at one time.

If someone did state that, it's in direct contradiction to the rules for how Matrix Perception Tests work as described on p.217.

If there's a separate section that deals with alternate rules for how Agents/IC make matrix perception tests, please point it out to me, as I've apparently consistently missed it on repeated readthroughs of the book.
Spike
Serbitar:

My point was that you don't have access rights or a user account until you edit an account with permission into existence. Prior to that you are an invader, a ghost in the machine, a fly in the ointment.

Once you've gone and given yourself an account, provided that account isn't discovered and closed in the meantime, you can log in as a fully authorized user at any point. You've already hacked in, now you are just logging in.

I started my research on the last post on page 221 under hacking, and then under hacking and accounts, which is where I suspect the confusion starts. Hacking and Accounts refers specifically to logging in with a stolen account, rather than just breaking in. If you don't have a legitimate account, stolen or edited in, then you have to break in.

Of course, you break in by hacking an existing account... the difference is one of where you do it.

Of course the key factor here, to me, is that at any point in this you are literally trying to be someone else. That other person undoubtedly has their own icons, their own distinctive persona, which isn't you... in fact, they may even be online at the same time you are. So when IC 'sees you', what they are actually seeing is that you are not who you say you are.

Now, if your hacked account has enough privilege you can Edit a perfectly legitimate account for yourself, one that you don't have to hack to get into. As long as that account doesn't set off any alarms (say by hitting a data bomb or running a decrypt program on a file) then the IC isn't going to see it as anything but legit. A security hacker MIGHT notice they've got one too many admins running around, so it's not totally without risk.

I hope I explained why I think that the fact that you've hacked Admin privileges isn't an instant 'I win' button, and why IC should, or should not, harass a hacker depending upon how he got in, as the rules suggest rather than lay out explicitly.
FrankTrollman
QUOTE (Spike)
My point was that you don't have access rights or a user account until you edit an account with permission into existence. Prior to that you are an invader, a ghost in the machine, a fly in the ointment.


Well no. If you don't have an account, you aren't in the node at all. In order to enter the node, you need to Hack in. In Hacking in, you get yourself a User Account, a Security Account, or an Admin Account, depending upon how many hits you get on your Hacking test.

But without that Hacking test, you're out in the cold. With that Hacking test, you're In Like Flynn. And there is no middle ground. And the cheese stands alone.

-Frank
Spike
QUOTE (FrankTrollman)
QUOTE (Spike)
My point was that you don't have access rights or a user account until you edit an account with permission into existence. Prior to that you are an invader, a ghost in the machine, a fly in the ointment.


Well no. If you don't have an account, you aren't in the node at all. In order to enter the node, you need to Hack in. In Hacking in, you get yourself a User Account, a Security Account, or an Admin Account, depending upon how many hits you get on your Hacking test.

But without that Hacking test, you're out in the cold. With that Hacking test, you're In Like Flynn. And there is no middle ground. And the cheese stands alone.

-Frank

Yeah... I forgot to clean up my post as I refined it based on what I was actually reading, rather than what I vaguely remembered from when I wrote the post.

You are correct of course. You break into an existing account, as I said later...

But I read it as you need to pick which type of account you want, not base it on how many hits you get. Am I missing something?
Garrowolf
One of the things that I did for my game was to separate fast hacks and slow hacks by account privileges.

A fast hack was where you were brute force hacking. I used exploit to cancel out the firewall. I have an attribute called security level that reflects things like sysops and strict user accounting. The firewall can be suppressed but the security level is a constant issue. The security level reflects the things that in the RAW are the system making perception tests.

I do use security tally. You can increase the security tally in a few ways. You can roll below the security threshold, each point below adds one. Or you can glitch which adds the security threshold rating to the tally. You have a stealth program that suppresses its rating in security tallies.

All the rolling is done from the hacker's point of view. Until a security tally makes it past the stealth program then there is nothing for the system to notice. Once it does then it starts raising the firewall to block out the possible problem. Add the alarm level (the security tally - the stealth rating) to the firewall until it doubles the firewall's rating.

This is the default behavior. I don't see any reason that any system would automatically send IC after every hacking attempt. Now use IC as a sort of data bomb on certain secret files. It only activates if you touch it in a bad spot.

One of my problems with the logic of Shadowrun hacking is that it SEEMS to be based on the idea that you would have only a few hacking attempts at a time and that it wouldn't slow the system down too much to have a few IC agents running around in the system looking at the few people in the system. Most systems that would have IC would have hundreds to thousands of users and a hundred hacking attempts each hour (or even minute). There would be constant bot tests of all the megacorp firewalls. Running enough IC to deal with all this would crash the system faster than that much normal server traffic. I can't imagine something much bigger than a semi intelligent program that can run other programs, make decisions, and move from place to place so it has to be independent. If it is an independent program it would be huge. If it is just a function of the system then it can be everywhere.

So this would allow a fast hack. The issue of account privileges is covered by the security threshold (basically a person that just trusts their firewall has no security threshold and a sysop watching everything gives it a 4, the problem is that the higher your security the harder it is to do legitimate functions as it is always checking on you - this is why many people drop it down to nothing and trust their firewall even today).

A slow hack would be different. The interval would be in minutes or hours. You would exploit the firewall. Then you would edit it to always let you in. You no longer have to exploit the firewall. Then you exploit the security system and give yourself a user account. Then you exploit the system again if you need to, to give yourself an admin account. Then you do whatever you want to do but make sure that you can get back in long term. Maybe you have the e-mail system cc everything to you. Maybe you have the reports of a monitoring program go to you. Etc. In effect you have a new contact. You can always get this information. Your access level becomes a loyalty level. You have a connection level in a way reflecting the kind of information you are getting. The GM could roll a SOTA check versus the loyalty level anytime you want to find something out. This would possibly lower the loyalty (maybe called access level) until you slow hacked to fix the issue.

This is more of what I was thinking. A slow hack would be during downtime. The GM and the player could sit down and work this out. The fast hack wouldn't give you long term advantages but it would be a quick rolling system.

What do you guys think?
Rotbart van Dainig
Uh... great. Now, tell us - where's exactly the difference to RAW OTF and probing hacking?
Spike
I rather suspect the presence of black ice puts a stop to most casual hackers, and those hackers who are more or less immune (ie, not running VR to hack, or just using bots) are a mild enough threat to be ignorable.

We suggest that hacking is a cheap profession to get into... for a shadowrunner. For the normal asshat hackers that make up your hundreds or thousands of hacks? Not so cheap, so they use cheaper wares... or older wares. Not saying they aren't out there, only that they are a much less credible threat to megacorps who are used to dealing with professional hackers and AI's...
Serbitar
What I specifically don't like in the RAW hack in rules is, that you will always hack in with admin rights if probing, and that nobody will notice a probe in progress.

Of course I have my own solution for that, but still, in RAW it's kind of annoying.
Blade
I think that probing is not exactly working all the time on the node with your program. You may get a copy of the node "blueprint" and then experiment safely on your copy.

I'd like to add that you may spend some time searching on the Matrix for details about the security of the node or the security holes this type of node may have or that you may try to adapt some of your exploit programs to that node, but I know you'll answer me that "since you don't roll data search and you don't roll software that's not the case".

What I mean is that probing the target is something you might be able to do without interacting directly with it, and so without any risks of being noticed before trying to get inside.

Serbitar
It's not about realism, it's about balancing, and "what you want."
Everybody hacking in for admin access is kind of lame, at least for me.
Blade
Except that it takes longer... And who knows, once inside the security measures may be heavier for admins. If you can't afford a check of each and every user entering the node, you surely can do it for admins.

Yeah I know, that part isn't explicitly covered by the rules but the rules don't state that it's harder to get inside an Ares building pretending you are Damien Knight than pretending you are a janitor either.
deek
Yeah, I think that is the point, probing takes more time. In my experience so far, our group's hacker has entered approximately 20 systems through the course of our games. All but one of those were hacking on the fly. There was only one time that he went in other than an admin.

The thing is, every single time he has hacked on the fly, going for admin, he has set off alerts. He has solid stats, comm at 5/5/5/5, all programs at 5, and even a node 3/3/3/3 has been able to get 5 hits on his stealth before he was able to hit 9 (firewall 3 + admin 6) on the test.

I always ask him if he is going to try admin and he always says yes, knowing he is going to set off an alarm...so while I agree it is kinda lame to always go admin, thus far, he hasn't hit a "big" system that is really going to pour it on him with IC and other countermeasures...

Probing on the other hand, especially going for admin...yeah, why not go for admin? But there has only been one run this group has been on that the hacker could afford the one hour extended test that probing gives you. That in and of itself is the obstacle...and more than enough. Granted, if you are giving your players days or weeks to prepare, well, then it is going to be lame and most runs pretty easy. So far, I haven't given them that much time to prepare, so it all kinda balances itself out!
Rotbart van Dainig
QUOTE (deek)
But there has only been one run this group has been on that the hacker could afford the one hour extended test that probing gives you.

That means only one thing - they can't plan.
Serbitar
\signed

The main-target host of a run will always be probed before. Everything else is just plain stupid.

Deek, please give examples of why they didn't probe.
Dashifen
Edit: Don't mean to put words in Deek's mouth, but I think my example meets your needs, Serb.

QUOTE (Rotbart van Dainig)
QUOTE (deek @ Feb 2 2007, 05:01 PM)
But there has only been one run this group has been on that the hacker could afford the one hour extended test that probing gives you.

That means only one thing - they can't plan.

Not necessarily. I've made a bunch of games where a hacker has to follow a trail of breadcrumbs through a number of systems each hack eating away at the time before the Johnson said that results would be superfluous. Each hack gives the team a little more information for the others to work with until they find the next system to hack. By the time the team is set up for the final Big Hack™, they don't have hours left in their time limit.

I also agree with the above statement that the additional time necessary to hack on the fly usually results in an alert. My hackers have usually used User access or Security if really necessary, but Admin is generally reserved for probing, which has only happened once or twice.
Rotbart van Dainig
That's why you let Agents do the normal info-search.
Spike
Actually, I can imagine that most heavy hack runs are against 'hardened targets' who can't be hacked prior to the run. You know, pay data is in a node inside a wireless access blocking room, things like that. Once the runners are on site they DO NOT have time to probe the target, they have to break that sucker RIGHT FREAKING NOW before real security with real bullets are breathing down their necks.

If your runners can probe every target before the run, then the problem isn't the hacking rules, it's the lame corporate security.
Dashifen
QUOTE (Rotbart van Dainig)
That's why you let Agents do the normal info-search.

True, but if you don't know about hack B before you make hack A even the agent is going to have to take it step by step. And, to make it most effective, you make sure that legwork and non-hacking must be used to get from hack A to hack B.
Rotbart van Dainig
Sure, it's called railroading for a reason.
deek
Two examples for why they are not probing:

1) Much as Spike said, they are already on site or too much heat to drop everything and let the hacker start spending an hour or two to hack.

2) Which is mostly the way I set runs up, there is little time between the meet and mission specs and the time they need to be there and do "stuff". Many times, the group is meeting at a bar, hangout or luxury box at a sports arena and they often times still have to go back to their respective dwellings, get equipment and then travel together to some other location.

I haven't done the hack A before hack B, then to go hack C...I like the concept, but I wouldn't do that on a regular basis. 90% of the time, hacking is happening to control/disable security, crash systems or grab some paydata on the way out.

And maybe it has a lot to do with our hacker also enjoying combat and not wanting to focus as much on the matrix...but still, I do run missions in a way that there is not a whole lot of lead time...
Rotbart van Dainig
And, what exactly keeps the hacker from using travel time? The matrix is wireless, man.
kigmatzomat
I've just skimmed this thread. Fun stuff. I'm going to throw fuel on the fire by giving my interpretation of events.

Primary security would be the firewall but that's not enough so there's internal network monitoring. Both the OTF and Prober have some privileges on the system based on the user level of the application/account they respectively used to gain access. There are a host of applications that do that IRL now that are outside of the OS known as "intrusion detection systems" (IDS). These would be reflected by the "roaming" IC.

Given the scope of SR4 node/hosts, the bulk of the computing world will have one host per location with lots and lots of slave components that we can pretty much ignore (yay, SR4!). For example, my office (an engineering firm) has a local server (host) that handles printing, file storage, and mail. File storage is technically SAN but it's all managed by the server's authentication so it's one node. Other offices would be their own nodes, with various permissions granted to remote users.

These hosts would have two forms of IC, an everpresent sensor & defense laden program that acts as IDS/antivirus, and an Active Scan program that has the offensive oomph to wipe out attacks. IDS is always on and making regular perception tests. Depending on the number of slave devices, IDS could scan the primary host as rarely as once round or as much as every IP. Active Scan probably runs periodically (every 5-60 minutes) to provide a backup to the IDS and ensure the IDS is itself uncorrupted.

How IDS and Active Scan interact with hackers will depend on how the hacker enters the system.

Hack on the Fly (OTF) vs. Probing. OTF is a proper attack, using buffer overruns, weak encryption exploits, etc. to execute code on the host illicitly. 99% of an OTF hacker's actions are outside the normal usage profile for the application that was exploited, making them very vulnerable to IDS. OTF hackers are constantly trying to stealth their way past the IDS system.

Probing results in the hacker acquiring a completely legit user account. Probing the network produces a userid+password, just as if you'd pointed a gun at John Doe's privates and demanded his access codes but with fewer stains on the carpet. The hacker can do anything the poor hacked John Doe could do with the same amount of IT attention. Meaning if you read John Doe's email, no problem. Read John Doe's files or files John Doe has ready access to, no problem. Start running hack software to break into Jane's files, problem.

IDS will detect a problem on a probed account if there are two logins from the same user. If John Doe decides, out of character, to update the TPS reports because there's nothing on the trid, the hacker could suddenly be in deep drek.

Active Scan might, maybe, be able to detect a probed account. I'd make it a hard test for Active Scan to realize that the account is being accessed from a machine running stealth/spoofing. I'd make the test very hard if the hacker made a perception test against John Doe's comm before the run and then tried to spoof as that comm.

The VR representation of this is entirely up to the host. IDS is anything from a security guard to eyes in the walls. Active Scan could be a roaming guard, a vacuum cleaner, or birds flying overhead.
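Added example, not part of kigmatzomat's post or of any Shadowrun rule: the "two logins from the same user" check described above, written as detection logic over an authentication log. The log format, account names, session IDs and device names are constructed for illustration; the check keys on overlapping sessions rather than on the source device, so a second session that claims the legitimate user's own device is still flagged.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample events: timestamp account event session_id source_device
SAMPLE_LOG = """\
2007-02-02T09:00:00 jdoe LOGIN s1 comm-jdoe-01
2007-02-02T09:05:00 jroe LOGIN s2 comm-jroe-07
2007-02-02T09:40:00 jdoe LOGOUT s1 comm-jdoe-01
2007-02-02T10:00:00 jdoe LOGIN s3 comm-unknown-99
2007-02-02T10:15:00 jdoe LOGIN s4 comm-jdoe-01
2007-02-02T10:30:00 jdoe LOGOUT s4 comm-jdoe-01
2007-02-02T10:45:00 jdoe LOGOUT s3 comm-unknown-99
2007-02-02T11:00:00 asmith LOGIN s5 comm-asmith-02
2007-02-02T11:05:00 asmith LOGIN s6 comm-asmith-02
this line is malformed and is skipped
2007-02-02T11:20:00 jroe LOGOUT s2 comm-jroe-07
"""


@dataclass(frozen=True)
class Alert:
    account: str
    when: datetime
    new_session: str
    open_sessions: tuple   # session IDs already open when the new login arrived
    same_source: bool      # True if the new login claims an already-connected device


def parse_line(line):
    """Return (timestamp, account, event, session_id, source) or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] not in ("LOGIN", "LOGOUT"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3], parts[4]


def find_concurrent_logins(log_text):
    """Flag every LOGIN that arrives while the same account already has a session open."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e[0])      # stable sort: ties keep log order
    open_by_account = {}                 # account -> {session_id: source_device}
    alerts = []
    for ts, account, event, session_id, source in events:
        sessions = open_by_account.setdefault(account, {})
        if event == "LOGIN":
            if sessions:
                alerts.append(Alert(
                    account=account,
                    when=ts,
                    new_session=session_id,
                    open_sessions=tuple(sorted(sessions)),
                    same_source=source in sessions.values(),
                ))
            sessions[session_id] = source
        else:
            # LOGOUT for a session we never saw open is ignored
            sessions.pop(session_id, None)
    return alerts


if __name__ == "__main__":
    for a in find_concurrent_logins(SAMPLE_LOG):
        kind = "same device claimed" if a.same_source else "different device"
        print(f"{a.when.isoformat()} {a.account}: session {a.new_session} opened "
              f"while {', '.join(a.open_sessions)} still open ({kind})")
```

The alert says only that two sessions overlap, not which of them belongs to the real user; that call still needs an analyst or a second signal.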
Dashifen
QUOTE (Rotbart van Dainig @ Feb 2 2007, 12:35 PM)
Sure, it's called railroading for a reason.

It's only railroading if the players notice. If you can construct the mystery that they're solving in such a way that they feel in control at all times, then they won't even know that you planned everything out in linear steps. It's all about the illusion of control

QUOTE
And, what exactly keeps the hacker from using travel time? The matrix is wireless, man.


Nothing. But, again, if you can construct the mystery in such a way that the players won't find the next clue or breadcrumb until the hack is finished, they have nowhere to travel to yet. They could be just driving around while the Hackers do their thing, but in general this is the time frame during which they do some contact upkeep, call fixers for gear, etc.
deek
QUOTE (Rotbart van Dainig)
And, what exactly keeps the hacker from using travel time? The matrix is wireless, man.

The travel time in question is what keeps the hacker from using it.

Again, that depends on the exact scenario. My recollection is that sometimes the travel time has been less than an hour, something more akin to 20-30 minutes. Some of the time, the hacker is on his bike travelling. Other times, it has been they have been planning other aspects of the mission, en route.

But on the flip side, sometimes they have had 3-4 hours, which the hacker could have done some probing, spent more time on legwork, but didn't. It goes both ways.

I was just responding to Serbitar in what I have found in the games I have run...the extended time it takes to probe a target, within the scenarios of missions I have given my players, have been the main deterrent for probing...obviously, different missions and other GMs may have different results...

From the scenarios I have given my players, there have been few times where a hacker probing the target would have been feasible...no one at my table is complaining...it just goes to show that even with the same RAW, depending on GM and player style, some of the issues that come up on this forum just don't apply to everyone...
RunnerPaul
QUOTE (cetiah)
QUOTE (RunnerPaul)

So the question then becomes a matter of why a "patrol cycle" even exists in the first place, something that has yet to be explained, from what I've seen. It's not like IC can only look at a part of a node at a time: Matrix Perception Tests are node-wide. It's not like IC has to take a coffee break or visit the crapper. Sure, you have the overhead from the Analyze program running constantly as the IC looks for unauthorized personas, but the benefits of constant surveillance would make this a "no-brainer" choice for all but the lowest-end nodes.

Someone (Synner?) already addressed that the perception-tests are not node-wide. The perception test is made to see if the IC is looking in the particular part of the system you are accessing at the moment as it cycles one at a time through the various files and processes in a system. IC, apparently, can not look at all aspects of the node at one time.

So, I went back to find the post that cetiah was referencing here. Cetiah was right, it was a post by Synner:
QUOTE (Synner)
There's also a misconception that a node is an open space or small environment in VR when it could be divided into different rooms ("sectors" as it were) dedicated to different subsystems/functions/operations - just like an SR3 host. So if the IC is checking a subsystem or file you're not accessing, he might not be in the same virtual "room" as you. Technically he is doing Perception Tests on everything in his corner of the node and is focused elsewhere rather than where you "are" (what you are accessing).

I would rebut this by pointing out that if this is a misconception, it's a misconception that springs straight from the way the rules describe how matrix perception works:

"When you are accessing a node, you may set your Analyze program to automatically scan and detect other users/icons on that node with a Simple Action." p.217, SR4 core rules

It flat out says "on that node" and makes no mention of "on the same subsystem of the node." In fact, nothing in the Wireless World chapter that I've seen suggests that nodes are not the lowest division of matrix space (please point me to this if it's something I've missed.) If the intent of author and developer was to have matrix perception tests be anything less than nodewide, it certainly isn't clear from the text, from my reading of it.

Synner also mentioned that the IC may be performing other tasks with the analyze program aside from looking for unauthorized icons, but it'd be trivial to have the IC/Agent alternate between tasks: Analyze for stealthed personas, Analyze Logfile A, Analyze for stealthed personas, Analyze Logfile B, and so on. Given the importance of detecting intruders, I can't imagine any sysadmin setting the "Patrol Cycle" for anything less than this.

I know there's an issue of "the GM can't make IC so impossible to avoid that the hacking element of Shadowrunning can't happen" however, IC is no longer exclusively an NPC tool. Player Characters are just as likely to use IC to protect their own devices under SR4, and if there isn't consistency between how PCs and NPCs use IC, the players are going to wonder why all these NPC sysadmins are idiots.
deek
QUOTE (Dashifen)
QUOTE (Rotbart van Dainig @ Feb 2 2007, 12:35 PM)
Sure, it's called railroading for a reason.

It's only railroading if the players notice. If you can construct the mystery that they're solving in such a way that they feel in control at all times, then they won't even know that you planned everything out in linear steps. It's all about the illusion of control

I agree 100% on this.

As a GM, planning is king and the more you can have thought out and planned before the game, usually equates to a smoother playing experience. Railroading, in my mind, comes up when the GM tells the players, no, you can't do A, you have to do B and doesn't budge.

Just having a series of linear steps a mission flows through isn't railroading, it just happens when putting together an adventure, IMO. And that goes both ways...if you are not railroading, but the players have the perception that the GM is, then that is railroading as well...it all comes down to player perception!
Rotbart van Dainig
QUOTE (Dashifen)
It's only railroading if the players notice.

If they are not buying the ticket, they will.
Dashifen
QUOTE (Rotbart van Dainig)
QUOTE (Dashifen @ Feb 2 2007, 08:38 PM)
It's only railroading if the players notice.

If they are not buying the ticket, they will.

I don't understand what you mean.
cristomeyers
Same here, kinda drawing a blank there.

Granted, right now I'm hardly the sharpest tack in the box...
Rotbart van Dainig
Sometimes, there are more interesting things to do than to follow the main plot.
Or, to simply fail to do so.
Dashifen
I guess that's never happened to me. The players tend to become interested in solving the mystery in the same way that a person wants to see what happens at the end of any good story. I suppose if the story sucks then this might change but whether my players are easily amused or I'm a better storyteller than I may give myself credit for, so far I've had good luck with such things.

Either way, we're off topic
kzt
QUOTE (Spike)
You know, pay data is in a node inside a wireless access blocking room, things like that. Once the runners are on site they DO NOT have time to probe the target, they have to break that sucker RIGHT FREAKING NOW before real security with real bullets are breathing down their necks.

We had several solutions to that problem, and none of them involved our hacking it. Mostly because once you have defeated the physical security the system is toast.

1) We'd steal the entire system and work at it off-site. This was the preferred solution, because we got to keep the toys.
2) We'd install software designed to compromise it directly.
3) We'd install a remote tap so our client could hack it remotely.
4) We'd steal the system backups or main storage.
Spike
QUOTE (kzt)
QUOTE (Spike)
You know, pay data is in a node inside a wireless access blocking room, things like that. Once the runners are on site they DO NOT have time to probe the target, they have to break that sucker RIGHT FREAKING NOW before real security with real bullets are breathing down their necks.

We had several solutions to that problem, and none of them involved our hacking it. Mostly because once you have defeated the physical security the system is toast.

1) We'd steal the entire system and work at it off-site. This was the preferred solution, because we got to keep the toys.
2) We'd install software designed to compromise it directly.
3) We'd install a remote tap so our client could hack it remotely.
4) We'd steal the system backups or main storage.

Your GM was exceptionally kind...
kzt
QUOTE (Spike)

Your GM was exceptionally kind...

I spend lots of time in data centers in real life. If they let you into the data center without a close escort they have already lost. It would take them days to find some of the things you could do in a few minutes if you know what you are doing, and that's only after they start looking.
Serbitar
QUOTE (deek @ Feb 2 2007, 07:39 PM)
But on the flip side, sometimes they have had 3-4 hours, which the hacker could have done some probing, spent more time on legwork, but didn't.  It goes both ways.

Hackers have to do legwork?

But then, all your examples seem pretty special cases. The norm should be that you have several days to prepare a run. Everything else is bad planning by the Johnson and should result in much more money offered.
Serbitar
QUOTE (RunnerPaul)

I know there's an issue of "the GM can't make IC so impossible to avoid that the hacking element of Shadowrunning can't happen" however, IC is no longer exclusively an NPC tool. Player Characters are just as likely to use IC to protect their own devices under SR4, and if there isn't consistency between how PCs and NPCs use IC, the players are going to wonder why all these NPC sysadmins are idiots.

QFT!

Exactly my point.
Spike
QUOTE (kzt)
QUOTE (Spike @ Feb 2 2007, 03:49 PM)

Your GM was exceptionally kind...

I spend lots of time in data centers in real life. If they let you into the data center without a close escort they have already lost. It would take them days to find some of the things you could do in a few minutes if you know what you are doing, and that's only after they start looking.

I was thinking more along the lines of this:

Anything with valuable data on it that you don't want people hacking into (thus the clean room) is going to be bolted down and otherwise VERY hard to pilfer. Extra big boxes just to keep you from carrying it easily, shit like that....
kigmatzomat
QUOTE (kzt)
QUOTE (Spike @ Feb 2 2007, 03:49 PM)

Your GM was exceptionally kind...

I spend lots of time in data centers in real life. If they let you into the data center without a close escort they have already lost. It would take them days to find some of the things you could do in a few minutes if you know what you are doing, and that's only after they start looking.

That's a lame data center then. I have friends who work at Fortune 100 companies and they have massive physical security on their systems. Not to prevent external theft but to stop internal snafus. Between the HPPA team, the mail team, the security team, the accounting team, network services and the onsite NOC there are waaaaay too many people with legitimate data center access to leave things unsecured. At 4am mistakes happen.

The norm is cabinets bolted to the floors, doors locked, equipment cable-locked to the racks, and all the front panels locked. The really high security stuff has its own chain-link cage around it and with the exception of the main breaker, independent power feeds.

The security is even tighter at the hosting facilities I know of that require biometrics to access the building, have zoned security on the main floor, and limit the total number of personnel that any one client can have on the floor. Anyone wanting to exceed that number has their entire cabinet moved to a work room.

Add in SR4 secure RFID tags embedded in the chassis that will trigger alarms if the equipment leaves their areas and you have some difficulties in stealing the gear. Plus, if I were a paranoid corp type with a mainframe, I'd put a Comm into it designed to scream bloody murder and send the GPS coordinates. I'd make it look like a hard drive or other component that couldn't be identified as bogus until after the system was powered up.
Garrowolf
Okay kigmatzomat, you have given me some great ideas and some new terms for what I have been trying to describe.

I have something called Security as a rating on computers. It is basically a collection of effects of either having a lot of checks and restrictions or nothing past the Firewall. I thought of it partially because I realized that not everyone would have any security once you got past the Firewall. The reason for that was that the less you know about how computers work the more you are likely to remove or not use security systems because they bog you down.

I had this starting at 0 meaning no security. Once you are in you have admin status. There are no other checks or issues. This went up to 4 which reflected a sysop maintaining high security but no alarms going off or anything.

What I did was to make the security rating a threshold the whole time you are fast hacking into a system. It is all the hoops you have to go through to get things done. I also make it a form of automatic perception check. The system always has that amount of successes or awareness of problems. Basically if you ever roll below that number then you gain a security tally. If you get a glitch then you add the threshold to the security tally. Your stealth rating suppresses its rating in security tallies automatically.

After that any points in the security tally past the stealth rating become alarm levels. The Firewall automatically raises by the alarm level until it reaches double its rating at which time it closes the matrix connection. Since the firewall is another threshold that is canceled by exploit this can make your actions harder and harder to do. IC never gets called unless you get a copy of something sensitive.

The advantage of doing it that way is that there are only a few rolls to cover a lot of things going on. The GM doesn't have to keep on going. It isn't easy to do but it isn't impossible either since a high amount of perception in the RAW would make it very hard. It also fits in with my view that computers should have more static traits because they will have only a set way of doing something most of the time. It gives an advantage to humans in that they have more potential to do well this way. It also means that computers are more like tools instead of other characters.

Now this sounds like the IDS you were describing to me. I was wondering if you could flesh this out more. Is what I have close? What would you recommend to make it more realistic? I'm not sure if it would be a good idea to increase this threshold 4 limit or not.

Also, could you explain Active Scan more for me. Is it a check on the IDS or something separate? Should I come up with a game mechanic for this or should it be folded into the effect of the IDS and Firewall?

Thanx
cetiah
QUOTE (Garrowolf)
Also, could you explain Active Scan more for me. Is it a check on the IDS or something separate? Should I come up with a game mechanic for this or should it be folded into the effect of the IDS and Firewall?

As you know, my hacking rules use Firewall as an all purpose defense rating with all hacking attempts involving 2-3 tests against a Firewall. Although, I've tossed in another type of defense to kind of represent this sort of thing. The Maglocks have something called anti-tampering system or some such, rated 1-4, needing another test to avoid setting off an alarm. I've added this to my hacking rules. Some nodes are protected by a makeshift alarm that requires a separate hacking check (threshold 1-4). Failure doesn't stop you from getting in (since you already succeeded in getting in), but you may set off the alarms on the way in.
Garrowolf
I can see using Firewall as a threshold but how does several rolls against the Firewall speed up anything?
kzt
QUOTE (kigmatzomat)

That's a lame data center then. I have friends who work at Fortune 100 companies and they have massive physical security on their systems. Not to prevent external theft but to stop internal snafus. Between the HPPA team, the mail team, the security team, the accounting team, network services and the onsite NOC there are waaaaay too many people with legitimate data center access to leave things unsecured. At 4am mistakes happen.

The norm is cabinets bolted to the floors, doors locked, equipment cable-locked to the racks, and all the front panels locked. The really high security stuff has its own chain-link cage around it and with the exception of the main breaker, independent power feeds.

The security is even tighter at the hosting facilities I know of that require biometrics to access the building, have zoned security on the main floor, and limit the total number of personnel that any one client can have on the floor. Anyone wanting to exceed that number has their entire cabinet moved to a work room.

Add in SR4 secure RFID tags embedded in the chassis that will trigger alarms if the equipment leaves their areas and you have some difficulties in stealing the gear. Plus, if I were a paranoid corp type with a mainframe, I'd put a Comm into it designed to scream bloody murder and send the GPS coordinates. I'd make it look like a hard drive or other component that couldn't be identified as bogus until after the system was powered up.

Colos are a special case, as are the high-end internet data centers. The appearance of security is a large part of the marketing. But real corporate data centers run by real companies that consider the data center a cost center and not a profit center are typically not run the same way. So don't take contracts that have you break into the main Aries data center or a 24x7 SCIF in the Pentagon. It's just too hard.

But as I said, the trick is getting physical access, without effective supervision. If someone can get into the room to hack the ultrasecure system that can only be hacked from inside the room you can probably also get inside and hack the security system that monitors the cameras and alarms on the equipment. Then the lockpicks come out. . .

If you are being subtle you attack either the cabling, or the RF cage if the systems are low enough bandwidth that they are using RF. Though installing keyloggers, cameras and other such toys shouldn't be underrated.

And if speed is more important than subtlety, doors, locks, bolts, cables, etc are trivial to remove with cutting tools.

RF tags etc work fine, but that's why we believed in faraday cages and spectrum analyzers.
kigmatzomat
QUOTE (kzt)
Okay kigmatzomat, you have given me some great ideas and some new terms for what I have been trying to describe.

I have something called Security as a rating on computers. It is basically a collection of effects of either having a lot of checks and restrictions or nothing past the Firewall. I thought of it partially because I realized that not everyone would have any security once you got past the Firewall. The reason for that was that the less you know about how computers work the more you are likely to remove or not use security systems because they bog you down.


Agreed.

I'll point out that I tried to apply a simple map of real-world concepts onto SR4 to see if they could apply. There are some parts that don't work too well but a lot of it is just fine. The trick is to not look too closely; the game is trying to be fun and somewhat logical, not an exact simulation. I run simulations of real-world events at work, not so much fun.

QUOTE

I had this starting at 0 meaning no security. Once you are in you have admin status. There are no other checks or issues. This went up to 4 which reflected a sysop maintaining high security but no alarms going off or anything.


Disagree. The OS itself will have some defenses and access controls so I agree with the User/Security/Admin differentiator, I just wish that "security" was defined better. IMO, Security is for the security team, meaning physical and net, so they have access to the cameras and other onsite sensors. But that's an "IMO" because it seems pretty squidgy.

QUOTE

The advantage of doing it that way is that there are only a few rolls to cover a lot of things going on. The GM doesn't have to keep on going. It isn't easy to do but it isn't impossible either since a high amount of perception in the RAW would make it very hard. It also fits in with my view that computers should have more static traits because they will have only a set way of doing something most of the time. It gives an advantage to humans in that they have more potential to do well this way. It also means that computers are more like tools instead of other characters.

Now this sounds like the IDS you were describing to me. I was wondering if you could flesh this out more. Is what I have close? What would you recommend to make it more realistic? I'm not sure if it would be a good idea to increase this threshold 4 limit or not.


IDS vary a lot in design and approach. Some examine the network connections, others the user activities, some use heuristic profiles based on the user's past activities. Detail is the antithesis of good gaming so a low-rated IDS would use one of the above, mid-rated would use multiple and high rated would have custom interaction between all the approaches.

I simply use an ever-present IC to represent IDS. A simple host (few slave devices) is scanned every round for stealthed targets with all users given a targeted Analyze every other round or so. Why not every round? I assume there are multiple users/agents running on the host at all times so the IDS is splitting its attention.

Typical IDS would have a high level Analyze, Track, and Stealth. Why stealth? So the invader doesn't neutralize the IDS. Nothing a virus writer likes more than figuring out a way to turn off anti-virus. Think the Norton or McAfee suites of software for an example of a simple, mass-market IDS. It includes a secondary firewall to monitor connections, memory management, application evaluation, file review, etc.

QUOTE


Also, could you explain Active Scan more for me. Is it a check on the IDS or something separate? Should I come up with a game mechanic for this or should it be folded into the effect of the IDS and Firewall?



Active scan is another IC, this one loaded with Analyze, an offensive application (attack, black hammer, blackout) and possibly armor and/or Medic depending on the host rating. It is run periodically, much like the nightly intensive scans that are part of the Norton/McAfees of the world, to both double-check the IDS portion and to confirm the IDS has not been co-opted.

A house rule I use for servers is a system rating dedicated to the OS & admins as compared to user-space activities. Comms would have the one rating, since their user-space is admin-level only. Most low level hosts have equal system & user ratings. Many corporate hosts have R3 userspace, R5-6 system to run IC and vital functions. Only high-end supercomputing types give R5-6 userspace, since who really needs that much CPU power?
cetiah
QUOTE (Garrowolf)
I can see using Firewall as a threshold but how does several rolls against the Firewall speed up anything?

Well, access rolls only need to be made once per scene. So an additional access roll doesn't slow down the game much, and it's not in every security system.
Garrowolf
Cetiah, I thought that you said that you had them roll 2-3 times against the firewall?

Kigmatzomat, I am going to start calling Security IDS.

The reason I have a level 0 IDS is based on things like commlinks where the person has turned off the security features because they got in the way. I did things like this by accident a few times and I didn't realize why nothing was updating or doing anything in the background. A friend of mine realized it when she was messing with my setting to add something.

I also had a run where we found a target's commlink. My character hacked it. It had a high firewall but no internal security because the target was a distracted scientist type who got angry at anything that distracted him or slowed him down. It was stupid of him but entirely within character.

Of course I am assuming the bare minimum level of IDS would be what the hacker is trained to go through anyway.

I am trying to get rid of the matrix perception check and just use the effect of I as I have described earlier. I also am trying to separate the system from IC and only use IC as an attack. The system can notice you if you do certain things and don't have a stealth program. In general I am trying to get rid of rolls on the part of the system and treat it as a series of thresholds instead.

Part of the reason for that is that I am trying to separate the effect from the perception of the matrix. The perception of a guard may or may not be there but the system doesn't need the IC to tell it what is there. If you could hide from the system you could hide from the IC. I am not wanting to model every process either. If you look at the beginning of the thread you will see my reasoning.

I do like the idea of multiple user levels of system within the same system as different IDS levels. I am going to have to work on that.

Thanks for the feedback
cetiah
QUOTE (Garrowolf @ Feb 3 2007, 11:45 PM)
Cetiah, I thought that you said that you had them roll 2-3 times against the firewall?

I meant that my system broke down the whole process of hacking into 2-3 rolls, total. Firewall is always used as the threshold, but different skills and programs apply depending on what you are trying to do.

Step 1: Attempt to access system. (Hacking vs Firewall; uses Exploit)
Step 2: Bypass intrusion alarm (if any) (Hacking vs Rating; uses Exploit)
Step 3: Conduct an operation in that system. (Hacking vs Firewall; various programs)
Repeat step 3 as necessary.


In a later draft, I got rid of step 2 altogether and wrote in "Watchdog I.C.E.", which requires the hacker to get more net successes than Watchdog's rating on the original Access test or Watchdog triggers an alarm. A little faster and a lot more dangerous than the anti-tampering system found on Maglocks. Like the anti-tampering, Watchdog doesn't actually stop you from getting in; it just triggers the Silent Alarm security event.