I've never known that much about drone rigging since 4th came along. Things have changed quite a bit, in part because of wireless. Wireless hacking has changed a lot of things and hacking to get control of a rigged vehicle/drone/system is now an interesting goal to have.
Question is: how would you build a drone hacker?
Of course you need a ridiculously good comm, and all the counter-counter-measures you can put your hands on. Plus a bunch of high-level programs, and some decent hardware and stuff like that, on top of hacking skills. You could have a few drones too, but not too many points will remain if a character is to be focused strickly on hacking drones, which has to be done on site, within signal range.
Has anyone tried that before? I was wondering because it crossed my mind that such a character could exist, but I'm not that great at building a hacker/rigger and I wanted to run this idea by people who might.
Full Version: The Drone Hacker
Hacking drones sounds like fun, but you better hope the riggers do not use encryption, otherwise it could take forever (at least when you do it during combat, that is, otherwise it works just fine, of course). 
Bye
Thanee
Bye
Thanee
Drone Hacker:
Base Skillset
Electronic Warfare (Communications)
Hacking (Spoof Command)
Computer (Edit)
Gunnery (Ballistic)
Groundcraft (Remote Operations)
Aircraft (Remote Operations)
That’s basically what one needs for stealing drones. EW is most important for out of combat stealing as you can intercept wireless signals and edit them so that you can insert your own commands and rewrite their subscription list.
Spoofing is for the combat when you need to fool the drone quickly. Gunnery and the vehicle skills can be altered depending on what kind of drone user you will be. Computer and edit actions are for when you have hacked them and gained a “legal” account in their node.
Get 2 commlinks. One for hacking and one as your firewall with multiple layers of IC and defenses.
Commlink 1 sets signal to 0 and connects to the matrix through commlink 2 with legal access with its commcode. Only way to commlink 1 is to go through the firewall of 2 and then hack all over again to commlink 1.
Base Skillset
Electronic Warfare (Communications)
Hacking (Spoof Command)
Computer (Edit)
Gunnery (Ballistic)
Groundcraft (Remote Operations)
Aircraft (Remote Operations)
That’s basically what one needs for stealing drones. EW is most important for out of combat stealing as you can intercept wireless signals and edit them so that you can insert your own commands and rewrite their subscription list.
Spoofing is for the combat when you need to fool the drone quickly. Gunnery and the vehicle skills can be altered depending on what kind of drone user you will be. Computer and edit actions are for when you have hacked them and gained a “legal” account in their node.
Get 2 commlinks. One for hacking and one as your firewall with multiple layers of IC and defenses.
Commlink 1 sets signal to 0 and connects to the matrix through commlink 2 with legal access with its commcode. Only way to commlink 1 is to go through the firewall of 2 and then hack all over again to commlink 1.
| QUOTE (The Jopp) |
| Get 2 commlinks. One for hacking and one as your firewall with multiple layers of IC and defenses. Commlink 1 sets signal to 0 and connects to the matrix through commlink 2 with legal access with its commcode. Only way to commlink 1 is to go through the firewall of 2 and then hack all over again to commlink 1. |
| QUOTE |
| What does subscribing/slaving a device mean, in terms of access/hacking? If a device is subscribed to someone else's commlink, can you hack/spoof that device directly, or do you need to hack the commlink first? If a group of devices were subscribed in a daisy-chain together, could you hack the last device directly, or would you need to hack them all in successive order? The act of subscribing is merely the act of creating and maintaining a connection between two nodes. Subscribing does not automatically grant access to a node (unless it happens to be a public all-access node) -- that is the purview of accounts. Subscribing is essentially the "handshake" that occurs between two nodes, a protocol check and very basic form of authentication so that each node knows it's connecting with the right other node. Slaving isn't really covered in the basic rules (you'll see more about this in Unwired), but it essentially counts as instructing one node to only communicate and take orders from another node (or nodes). The instruction to slave a node can only come from someone with admin privileges. In the basic rules, subscribing and slaving have no effect on hacking or spoofing commands. The act of hacking and/or spoofing is presumed to incorporate an impersonation of a legitimate connection (that's why you need a successful Matrix Perception Test before you can spoof a command). You will likely see an advanced/optional rule in Unwired that makes hacking/spoofing a slaved node trickier. This means that even if multiple nodes are daisy-chained together, each subscribed or slaved to the next, you don't need to hack/spoof them all in order to hack/spoof the last one -- you can go straight to the last node and attempt to hack/spoof it. Note that if a node that has other nodes slaved to it (we'll call this the master node) is hacked, then the hacker has open access to the slaved nodes as well (i.e., he does not need to hack them). |
From the FAQ the 'daisy' chain doesnt really accomplish anything (at least until possibly Unwired)
Who said anything about daisychain?
The important point is that Commlink 2 is NOT subscribed to commlink 1 and vice versa.
All you use is a legal access to commlink 2 with commlink 1 as an access point to the matrix, nothign more, just a router, but not subscription to share data.
The important point is that Commlink 2 is NOT subscribed to commlink 1 and vice versa.
All you use is a legal access to commlink 2 with commlink 1 as an access point to the matrix, nothign more, just a router, but not subscription to share data.
| QUOTE |
| Who said anything about daisychain? The important point is that Commlink 2 is NOT subscribed to commlink 1 and vice versa. All you use is a legal access to commlink 2 with commlink 1 as an access point to the matrix, nothign more, just a router, but not subscription to share data. |
| QUOTE |
| Get 2 commlinks. One for hacking and one as your firewall with multiple layers of IC and defenses. Commlink 1 sets signal to 0 and connects to the matrix through commlink 2 with legal access with its commcode. Only way to commlink 1 is to go through the firewall of 2 and then hack all over again to commlink 1. |
| QUOTE |
| you don't need to hack/spoof them all in order to hack/spoof the last one -- you can go straight to the last node and attempt to hack/spoof it. |
I have always taken the intent of the authors to be if a node can access the matrix it is on the matrix, if it can't it isn't.
If Comlink B is relaying signal (now a WiFi access point) to Com B, it is relaying signals. The FAQ (to me) makes it pretty clear that until Unwired comes out, multiple layered defense is not possible.
Otherwise there wouldnt be a system in the world that could be hacked.
Commlinks are cheap enough, that every coroporation would have a layer of 10-12 commlinks in wi-fi shielded tubes .8 meters apart, that only the first one is in range of the 'corporate' system and only the last one has a signal strong enough to reach the 'matrix'.
12 systems: You going to do something unlucky going through them and relatively cheap cost for the corporation (when you factor in the cost of electronic crimes).
If something can interract with the matrix, the matrix can interact with it.
Until Unwired there is no 'proxy' / 'layered' / etc designs.
Well, in my case i meant i as a wired medium. There is no wi-fi information going from A-B but either 2 cybernetic commlinks and hardware link or by fiberoptic cable.
| QUOTE (The Jopp) |
| Well, in my case i meant i as a wired medium. There is no wi-fi information going from A-B but either 2 cybernetic commlinks and hardware link or by fiberoptic cable. |
ok, to put it another way: if you want to route your matrix access through a given commlink, good for you. that commlink will proceed to route all attempts to access your main commlink, with or without your permission, to your main commlink... just like all the other nodes you have to hop through as part of being the matrix.
you can't force them to hack your 'firewall node' to get to your main commlink, because if you are accessing the matrix with your main commlink, the matrix can access you.
unless of course you're talking about just using one commlink to access your PAN via purely wired connections, while the other commlink is not connected at all, in any way, and is what you use for accessing the matrix.
| QUOTE (Jaid @ Apr 14 2007, 11:33 AM) |
| unless of course you're talking about just using one commlink to access your PAN via purely wired connections, while the other commlink is not connected at all, in any way, and is what you use for accessing the matrix. |
Not...quite, almost.
Commlink A is connected to B with fibre optic cable and no signal rating.
Commlink B has a signal rating.
Commlink A uses a legal access to access commlink B as a Node.
If someone traces Commlink A commcode and decides to track him/her down and hack Commlink A they will be stopped after a few nodes at the Firewall of Commlink B since they have no legal access code to access Commlink B.
In order to access commlink B they need a passcode AND a returned passcode from commlink A.
Nor can the above be spoofed as devices cannot be spoofed, only agents and pilots.
In order to continue to commlink A they must hack Commlink B and then search for possible access points to Commlink A.
Once they find Commlink A they can then proceed to hack it.
ComA - ComB (Firewall) - Node1 - Node2 - Node3 - Enemy Hacker
Unlike most users who directly connects with their commlink to an available public node on the matrix, in this scenario you have a secondary beefed upp commlink who's job it is to stop pursuers, albeit mostly temporarely.
| QUOTE (The Jopp) |
| Not...quite, almost. [snip] |
Stop it!. You're trying to apply logic to the absurdity that is the SR computer rules.
If they hack the outer commlink and the outer one is subscribed to the inner one then they would have the easy access to the inner commlink once they exploit into the outer commlink as far as I can figure. The passcode is all fine and good but would apply to all traffic since there are not currently multiple levels of subscribed access. You either are, or are not.
Secondly if the inner commlink has access to the outside world they could hack it directly. The first thing I'd do as an intruder is hack into the outer one, from there pass via the subscribed device into the inner one and command it to turn the wireless on. Then I could hack into it directly while staying in the first, outer node.
Sure you could eject the intruder but how often do you check th status of your wireless especially when it is set to not update your image link with its status. In the end you have the same level of susceptibility as a single commlink system.
If putting all of the teams commlinks behind yours you could man it actively and make it harder to stealth through it.
Secondly if the inner commlink has access to the outside world they could hack it directly. The first thing I'd do as an intruder is hack into the outer one, from there pass via the subscribed device into the inner one and command it to turn the wireless on. Then I could hack into it directly while staying in the first, outer node.
Sure you could eject the intruder but how often do you check th status of your wireless especially when it is set to not update your image link with its status. In the end you have the same level of susceptibility as a single commlink system.
If putting all of the teams commlinks behind yours you could man it actively and make it harder to stealth through it.
| QUOTE (The Jopp) | ||
Not...quite, almost. |
you're not getting it. unless the commlink you connect to the matrix through is transmitting everything to the commlink you use, it is useless. the fact that you are accessing the matrix means, by definition, that people on the matrix can access you.
it doesn't matter whether you own the commlink they have to bounce their signal through, because in order for your setup to even work, your router commlink *has* to transmit everything the matrix sends it to your main commlink... in other words, it just sits there and does nothing, in an expensive sort of way.
no one has to do anything to the outer commlink, for exactly the same reason that you don't have to hack 50 different nodes before you can get into a node that is a couple of miles away.
your 'firewall' commlink does absolutely nothing, as long as your other commlink is accessing the matrix, because of how accessing the matrix works.
Ok, first check page 215 on "Passcodes" in SR4. Anyone can limit access to a node through passcodes and linked passcodes.
Firewall B acts as a chokepoint, one cannot go through B without either using the right passcode or hacking it.
So, IF someone has a chokepoint chain of 50 commlinks with 50 different linked passcodes to the other nodes one HAS to hack each and every one of them unless you have each and every code.
They cannot hack commlink A since it doesnt emitts a signal, they can however hack B since that's the signal they find and knows that A's Commcode uses B as a node to skip through to the matrix.
There are already rules for limited access to nodes and that's the Passcode section in SR 4, subscription is for nodes to share data, or more specifically, for one node to manipulate data in another node. Without subscription you just use a node to relay a signal, but id doesn't mean that anyone trying to access the node has a legal access to go through it, unlike what public nodes have.
My point is that Node B has several agents and runs constant analyze checks against intrusion and will hopefully find anyone trying to hack B. Comm A can focus on being loaded with offensive programs and won't have to bother too much with defense (sure, matrix attacks can happen when the PERSONA is in another node but hackign attempts against the comm is rather safer.
Firewall B acts as a chokepoint, one cannot go through B without either using the right passcode or hacking it.
So, IF someone has a chokepoint chain of 50 commlinks with 50 different linked passcodes to the other nodes one HAS to hack each and every one of them unless you have each and every code.
They cannot hack commlink A since it doesnt emitts a signal, they can however hack B since that's the signal they find and knows that A's Commcode uses B as a node to skip through to the matrix.
There are already rules for limited access to nodes and that's the Passcode section in SR 4, subscription is for nodes to share data, or more specifically, for one node to manipulate data in another node. Without subscription you just use a node to relay a signal, but id doesn't mean that anyone trying to access the node has a legal access to go through it, unlike what public nodes have.
My point is that Node B has several agents and runs constant analyze checks against intrusion and will hopefully find anyone trying to hack B. Comm A can focus on being loaded with offensive programs and won't have to bother too much with defense (sure, matrix attacks can happen when the PERSONA is in another node but hackign attempts against the comm is rather safer.
The game rules are an abstraction. The Matrix rules moreso than usual. Within any abstraction, you're going to be able to just *say* you do something outside the rules that the game presents. Even if this seems like a sensible and reasonable thing to do in the game WORLD, it is not part of the GAME. If the abstraction is complete, there is a reasonable chance that what you are attempting to do is covered by an existing rules concept. If it isn't, then it probably should be.
A trite example for clarity. I describe to my players a tough-looking foe in a clearly heavily armoured duster. Being armed only with light pistols, my players are worried they won't be able to penetrate his armour. They can, however, see his head clearly, and my samurai says "OK, I shoot him in the face."
It's a perfectly reasonable thing for a crack gunman to do in the circumstances. But he can't, the reason being that the armour rules are abstract and it is assumed that people firing guns aim at whatever target they see fit. In fact, there is a specific abstraction for this; a called shot. It doesn't automatically make my player hit this tough guy in the head, but it models it OK.
What you are doing, Jopp, is exactly what my player wanted to do. He's stepping outside the rules of the game and doing something that seems sensible in the world, but is actually completely illegal in the game. Just like combat would be retarded if everyone could just choose to plug their targets in the head, the Matrix would be retarded if everyone could just choose to chain themselves behind a hundred "repeater" nodes filled with a thousand duplicated agents.
So what do we do? We find an abstraction that makes things playable. Routing yourself through other nodes (regardless of whose) and disguising who you are sounds like Stealth to me. Setting up additional layers of protection sounds like Firewall. Choose whatever rationalisation you want.
Maybe you should be able to make some kind of skill test to see how well you can overchargge your defenses in a pinch, but that's an issue for Unwired.
For GMs and players alike the lesson is: If it's not covered by a rule, it sounds too easy, it sounds powerful, and most importantly the world wouldn't work if it really was like that... Then it isn't. RPGs have a great degree of freedom when it comes to actions, but you've got to make sure you're still playing the game.
A trite example for clarity. I describe to my players a tough-looking foe in a clearly heavily armoured duster. Being armed only with light pistols, my players are worried they won't be able to penetrate his armour. They can, however, see his head clearly, and my samurai says "OK, I shoot him in the face."
It's a perfectly reasonable thing for a crack gunman to do in the circumstances. But he can't, the reason being that the armour rules are abstract and it is assumed that people firing guns aim at whatever target they see fit. In fact, there is a specific abstraction for this; a called shot. It doesn't automatically make my player hit this tough guy in the head, but it models it OK.
What you are doing, Jopp, is exactly what my player wanted to do. He's stepping outside the rules of the game and doing something that seems sensible in the world, but is actually completely illegal in the game. Just like combat would be retarded if everyone could just choose to plug their targets in the head, the Matrix would be retarded if everyone could just choose to chain themselves behind a hundred "repeater" nodes filled with a thousand duplicated agents.
So what do we do? We find an abstraction that makes things playable. Routing yourself through other nodes (regardless of whose) and disguising who you are sounds like Stealth to me. Setting up additional layers of protection sounds like Firewall. Choose whatever rationalisation you want.
Maybe you should be able to make some kind of skill test to see how well you can overchargge your defenses in a pinch, but that's an issue for Unwired.
For GMs and players alike the lesson is: If it's not covered by a rule, it sounds too easy, it sounds powerful, and most importantly the world wouldn't work if it really was like that... Then it isn't. RPGs have a great degree of freedom when it comes to actions, but you've got to make sure you're still playing the game.
In what way do I go around the rules when it is the exact way a corporation would set up chokepoints with multiple wired nodes in a building and one wireless access to the outside?
You don't.
Actually, the setup for my SR4 character is one implanted commlink with wireless and skinlink, running only programs needed for electronic warfare and IC and an implanted commlink without any external connection running only programs needed by the persona.
Actually, the setup for my SR4 character is one implanted commlink with wireless and skinlink, running only programs needed for electronic warfare and IC and an implanted commlink without any external connection running only programs needed by the persona.
| QUOTE (The Jopp) |
| In what way do I go around the rules when it is the exact way a corporation would set up chokepoints with multiple wired nodes in a building and one wireless access to the outside? |
What do you mean by 'around the rules'?
| QUOTE (Wasabi) | ||
What do you mean by 'around the rules'? |
Sorry, i meant stepping aside the rules as Narmio claimed.
Why not the following: u can route your comlink like jopp describes it, but with every node between your primary comlink and the public nodes your response goes down by one.
This would stop 50+ comlink abuse and would also refer to reality. You can already go through servers that hide your true identity today, but it makes you damn slow...
Also, Corps wouldnt use Comlinks as nodes but hosts, which have virtually no limits in response or system attributes (for game purposes capped at 7), and where precisely does it say that the Corps dont do exactly that? They did in SR3 and in my games they still do that in SR4, so Jopps idea sounds perfectly plausible to me.
This would stop 50+ comlink abuse and would also refer to reality. You can already go through servers that hide your true identity today, but it makes you damn slow...
Also, Corps wouldnt use Comlinks as nodes but hosts, which have virtually no limits in response or system attributes (for game purposes capped at 7), and where precisely does it say that the Corps dont do exactly that? They did in SR3 and in my games they still do that in SR4, so Jopps idea sounds perfectly plausible to me.
One thing to remember is that it isn't broken because IF someone hacks commlink B the main commlink (A) will not be armed with any defensive countermeasures.
The main point for this is to free up program slots for hackign and not having to boost defenses against hacking intrusion - but once they have cracked that the hacker better be prepared to load up defensive programs.
The main point for this is to free up program slots for hackign and not having to boost defenses against hacking intrusion - but once they have cracked that the hacker better be prepared to load up defensive programs.
and hey, when the hacker has to go through 5000 nodes before he gets to anything even remotely significant, that'll be fun, right?
| QUOTE |
| One thing to remember is that it isn't broken because IF someone hacks commlink B the main commlink (A) will not be armed with any defensive countermeasures. |
Ah, but that isn't a rule under your system. That's something you're choosing to do. Once you allow this, there's nothing stopping a player from carrying twelve IC-loaded all-Defense commlinks. And then putting normal defenses on his main commlink.
As to how you're going around the rules: There are no rules for directly routing traffic through a node that do not ALSO say you can just access the Matrix data from the originator. The matrix in SR4 is a free self-configuring mesh network, anything that is conneted to anything that is connected to anything else is connected to everything.
Just like you don't have to hack your apartment, then your apartment block, then the street, then the suburb RTG, then their suburb, their street, their aparment...
There are so many reductio ad absurdums for this proposition that it's comical. That your argument in favour of it is "not having to boost defenses against hacking intrusion" (ie: gaining an in-the-rules advantage for an out-of-the-rules setup) just really nails down my point: you're cheating.
| QUOTE (Narmio) |
| As to how you're going around the rules: |
It was said before:
Chokepoints are suggested as security layout on p. 223.
Yeah, using suggestions goes against the rules.
Narmio, I respectfully disagree.
If i had used commlinks linked together through WIRELESS means then i agree that you only have to pick the right signal in order to find and hack the final commlink. In this example we have a WIRED access that is protected by a linked passcode for legal access.
PUBLIC nodes out on the matrix is a skip-through-for-all but in this case we are talking about PRIVATE nodes that can be protected by passcodes, linked passcodes or heck, even hardware key access and also being WIRED to the node that has a wi-fi connection.
Yes, if someone hacks a commlink they gain access to whatever is subscribed to it but there IS NO SUBSCRIPTION.
If a subscription was needed in order to access a node then EVERY damn node one skips through on the matrix would have to be subscribed to the commlink while you are there and that cannot have been the intent of the rules.
I could do the same with a team of commlinks. Think about it. Five hackers that have one commlink each. Hacker 1 have 1 access code for each other team member, they in turn have one LINKED passcode to hacker 1. Each hacker have 1 code for one of the other members and one must log on to the commlinks in order: 1 to 2 and 2 to 3 etc.
Now, if they go wireless you have no problem of finding hacker 1 through wireless interception. If they, on the other hand is linked through fibreoptic wire then there is a problem.
FINDING his node is no problem, a Track action will reveal that he is at location X and that in order to reach that one you have to go through four wired nodes.
You CANNOT hack Hacker 1 before hacking 2-5 since you need access to the wired network through commlink 5.
Now, enlighten me please how this would be different from having a building with 1 wireless access and 4 wired chokepoints of nodes before you get to the last wired node with the data you intend to steal.
Do you seriously believe that just because the last node is accessing the matrix that you can hack it without entering the buildings wired network and hack each node.
If you do then I seriously believe that your GM will disagree with you.
The entire POINT with wired networks of nodes is that you HAVE to hack them in order to get through to the deeper layered ones.
If i had used commlinks linked together through WIRELESS means then i agree that you only have to pick the right signal in order to find and hack the final commlink. In this example we have a WIRED access that is protected by a linked passcode for legal access.
PUBLIC nodes out on the matrix is a skip-through-for-all but in this case we are talking about PRIVATE nodes that can be protected by passcodes, linked passcodes or heck, even hardware key access and also being WIRED to the node that has a wi-fi connection.
Yes, if someone hacks a commlink they gain access to whatever is subscribed to it but there IS NO SUBSCRIPTION.
If a subscription was needed in order to access a node then EVERY damn node one skips through on the matrix would have to be subscribed to the commlink while you are there and that cannot have been the intent of the rules.
I could do the same with a team of commlinks. Think about it. Five hackers that have one commlink each. Hacker 1 have 1 access code for each other team member, they in turn have one LINKED passcode to hacker 1. Each hacker have 1 code for one of the other members and one must log on to the commlinks in order: 1 to 2 and 2 to 3 etc.
Now, if they go wireless you have no problem of finding hacker 1 through wireless interception. If they, on the other hand is linked through fibreoptic wire then there is a problem.
FINDING his node is no problem, a Track action will reveal that he is at location X and that in order to reach that one you have to go through four wired nodes.
You CANNOT hack Hacker 1 before hacking 2-5 since you need access to the wired network through commlink 5.
Now, enlighten me please how this would be different from having a building with 1 wireless access and 4 wired chokepoints of nodes before you get to the last wired node with the data you intend to steal.
Do you seriously believe that just because the last node is accessing the matrix that you can hack it without entering the buildings wired network and hack each node.
If you do then I seriously believe that your GM will disagree with you.
The entire POINT with wired networks of nodes is that you HAVE to hack them in order to get through to the deeper layered ones.
Jopp, I'm not opposed to what you're saying... really I'm not. I do, however, have trouble following the logic of how an intruder is choked at the chokepoint. Here is my understanding and maybe you can let me know where my logic breaks down or what pieces I'm missing because I'd like to have your perspective.
The games I'm in almost always allow realism/sophistication in the matrix end of the game but I'm having trouble following your logic. Whether it does or doesn't stick 100% to RAW isn't a concern to me but the logical presentation of the method does concern me as I'd like to include chokepoints in a logical fashion in my own games.
I'm gonna give this in terms of premises to keep it as cogent as possible:
1. Hacking from a commlink requires a matrix connection.
2. Wired, Wireless, whichever the method its still the same ability to carry a data stream including the same vulnerabilities.
3. The hacker is not entering the passcode each and every time they do an action. They are entering it once and thats it.
4. Both outgoing and incoming data streams continue a-ok once they have are authenticated via passcode allowing continuous data exchange with the outside world. Meaning that the hacker doesnt lose his connection when out in the general matrix. In other words the legit hacker isn't choked on incoming or outgoing matrix traffic.
5. To me this describes Encryption, not a Passcode. A Passcode would be a physically entered key like a biometric scan only with a passcode more like a sophisticated PIN number or other password-like entry a bajillion characters long.
As you describe these sorts of Chokepoints they don't seem to me to stop matrix traffic. They are set to disallow matrix traffic that lacks the passcode and the Exploit program and the Hacking skill include forging authentication and legitimate access where things don't use encryption. Where encryption *is* used the time must be taken to decrypt it in the presence of the encrypted icon/data stream/whatever is encrypted.
Let me reiterate that I'm not at all against the concept merely that I'm having trouble following the logic. My understanding of how the matrix and matrix traffic work is that you are describing encryption which would require an intruder to exploit into the outer node then spend time decrypting the inner node. To deviate from this with some other mechanic to delay the intruder doesn't seem valid but my ears are open to understanding pieces I may be missing or misunderstanding.
The games I'm in almost always allow realism/sophistication in the matrix end of the game but I'm having trouble following your logic. Whether it does or doesn't stick 100% to RAW isn't a concern to me but the logical presentation of the method does concern me as I'd like to include chokepoints in a logical fashion in my own games.
I'm gonna give this in terms of premises to keep it as cogent as possible:
1. Hacking from a commlink requires a matrix connection.
2. Wired, Wireless, whichever the method its still the same ability to carry a data stream including the same vulnerabilities.
3. The hacker is not entering the passcode each and every time they do an action. They are entering it once and thats it.
4. Both outgoing and incoming data streams continue a-ok once they have are authenticated via passcode allowing continuous data exchange with the outside world. Meaning that the hacker doesnt lose his connection when out in the general matrix. In other words the legit hacker isn't choked on incoming or outgoing matrix traffic.
5. To me this describes Encryption, not a Passcode. A Passcode would be a physically entered key like a biometric scan only with a passcode more like a sophisticated PIN number or other password-like entry a bajillion characters long.
As you describe these sorts of Chokepoints they don't seem to me to stop matrix traffic. They are set to disallow matrix traffic that lacks the passcode and the Exploit program and the Hacking skill include forging authentication and legitimate access where things don't use encryption. Where encryption *is* used the time must be taken to decrypt it in the presence of the encrypted icon/data stream/whatever is encrypted.
Let me reiterate that I'm not at all against the concept merely that I'm having trouble following the logic. My understanding of how the matrix and matrix traffic work is that you are describing encryption which would require an intruder to exploit into the outer node then spend time decrypting the inner node. To deviate from this with some other mechanic to delay the intruder doesn't seem valid but my ears are open to understanding pieces I may be missing or misunderstanding.
I think you understand it perfectly, except the password part. Check out page 215 for Passcodes (Authorized Access), that explains a lot of my reasoning. You can have public nodes (webpages/forums) that requires passwords to enter and that means that some nodes MUST be hacked unless you have the correct passcode.
Exploit and hacking is needed to get through and that was the main point, to buy time because you must start hacking a lot earlier, in a node designed for intrusion defense where you have multiple agents/IC that runs constant Analyze tests for just that event instead of the node you WANT to hack.
Its main strength is that you cannot HACK the main commlink directly. SR4 requires you to have access to the Node in order to hack it and unless it has its own signal you must be inside the node that provides it with a matrix connection.
In order to reach the first Node you must get through the router (commlink 2) Yes, it allows data traffic from the main commlink but also ONLY for that commcode. Any other Commcode, persona, icon or agent needs a passcode to get inside, and the main commlink must verify it with another code.
Once that commlink HAS been hacked it’s no biggie to hack the second one – but it requires a second hacking test.
Oh, just thought on something else, these are the layers of defense in this case:
Hidden Signal
Encrypted Signal
Linked Password (Legal Access to B)
Commlink B
Password (Legal Access to A)
Commlink A
The above buys time and increases the risk for someone trying to hack from B to A getting caught.
References:
Network Security (Page 223 SR4)
Hacking and Accounts (Page 221 SR4)
Authorized Access (Page 215 SR4)
Exploit and hacking is needed to get through and that was the main point, to buy time because you must start hacking a lot earlier, in a node designed for intrusion defense where you have multiple agents/IC that runs constant Analyze tests for just that event instead of the node you WANT to hack.
Its main strength is that you cannot HACK the main commlink directly. SR4 requires you to have access to the Node in order to hack it and unless it has its own signal you must be inside the node that provides it with a matrix connection.
In order to reach the first Node you must get through the router (commlink 2) Yes, it allows data traffic from the main commlink but also ONLY for that commcode. Any other Commcode, persona, icon or agent needs a passcode to get inside, and the main commlink must verify it with another code.
Once that commlink HAS been hacked it’s no biggie to hack the second one – but it requires a second hacking test.
Oh, just thought on something else, these are the layers of defense in this case:
Hidden Signal
Encrypted Signal
Linked Password (Legal Access to B)
Commlink B
Password (Legal Access to A)
Commlink A
The above buys time and increases the risk for someone trying to hack from B to A getting caught.
References:
Network Security (Page 223 SR4)
Hacking and Accounts (Page 221 SR4)
Authorized Access (Page 215 SR4)
u can take an example from reallife:
if a hacker attacks your Computer some firewalls offer the option to diplay the hackers id. However this id is an ip of the hackers ISP, in order to identify the hacker u have to ask the service provider to tell you who had this ip at the time of the attack, or you hack the ISP Server.
Same goes for comlinks, do not assume that everybodys comlink is a router for everybody elses comlink, that would be to much traffic for any wireless device , dedicated satellites excluded. Wireless comunication requires a wired infrastructure like cellular phones do today.
This infrastrcture includes Server (hosts) that forward the requests to the net (basically other servers) and will also forward the results of your request back to your computer (comlink). A command or code and even an attack is such a request.
The big difference between a comlink and a host is that a host is basically a server (it serves information), which is why u can hack it from the net, a comlink however does not serve information to the net, so in order to hack it u would either hack its ISP first to get to it, or you attack it directly by intercepting and spoofing its wireless signals with next infrastructure antenna.
if a hacker attacks your Computer some firewalls offer the option to diplay the hackers id. However this id is an ip of the hackers ISP, in order to identify the hacker u have to ask the service provider to tell you who had this ip at the time of the attack, or you hack the ISP Server.
Same goes for comlinks, do not assume that everybodys comlink is a router for everybody elses comlink, that would be to much traffic for any wireless device , dedicated satellites excluded. Wireless comunication requires a wired infrastructure like cellular phones do today.
This infrastrcture includes Server (hosts) that forward the requests to the net (basically other servers) and will also forward the results of your request back to your computer (comlink). A command or code and even an attack is such a request.
The big difference between a comlink and a host is that a host is basically a server (it serves information), which is why u can hack it from the net, a comlink however does not serve information to the net, so in order to hack it u would either hack its ISP first to get to it, or you attack it directly by intercepting and spoofing its wireless signals with next infrastructure antenna.
| QUOTE |
| Comcodes Everyone using the Matrix has a personal commcode, or Matrix address—the equivalent of a cell phone number or email address—to which their calls and messages are directed. Your commcode is usually registered with a paid Matrix service provider, though numerous free (if unreliable) and anonymous shadow-sites offer the same service. Hackers and shadowrunners— and other criminals—typically pay extra for the anonymity and extra security of a black commcode. When you’re online (and when aren’t you?), your commlink is usually set to automatically link to your provider(s) so that all calls and messages are immediately forwarded to you. You can choose to cut this link and “run silent” in order to avoid the risk of someone tracing that link to your current whereabouts (meaning your messages will be stored until retrieved later). |
| QUOTE |
| Intercept Traffic In order to intercept traffic between any two nodes or users, you must first have access to a node that the traffic passes through. For example, to intercept a comcall between a Mr. Johnson and his lackey, you either need to compromise one of their commlinks or gain access to the Matrix nodes that the comcall passes through (which could be a challenge unto itself ). Note that this action only applies to traffic passing through a wired medium; for wireless traffic, see Intercepting Wireless Signal, p. 225. The gamemaster may also require you to succeed in a Computer + Browse Test to locate the traffic flow you seek to intercept. |
i hope this clears it up.
right... so what you're saying is that i can buy myself some RFID tags (1 nuyen per 20) a firewall program (rating 6, of course) for 3,000 nuyen, and use an encrypt program (we'll assume rating 5 for chargen, so 500 nuyen) on all of those RFID tags... oh, and add in the cost of some fiberoptic cable (however much it is, i doubt that it's much more expensive than, say, myomeric cable... 20 nuyen per meter...)
the result? anyone who wants to hack my commlink has to go through some stupidly large number of encrypted firewall 6 RFIDs (i assume device rating of 1 otherwise... arguably, stealth and security tags should be higher). heck, why not run an analyse program on it to increase it's dicepool... not that it matters.
the important thing is that you're eventually going to glitch or critically glitch, no matter how big your dice pool is, because i can make you hack into 500 nodes before you get into my actual commlink. and sooner or later, if i set up enough nodes, you'll get detected. it will happen at some point or another.
of course, on the other hand, no company, no matter how much of a cheapskate they are, is going to have anything less defending their nodes... i mean, it's costing *maybe* as much as 300 nuyen for some crazy impenetrable defense hardware, and the software can conveniently be copied as much as they like. even if they don't own a legitimate master copy, you can bet there are matrix security companies offering their services who will... so you can forget about hacking anything, pretty much, because it just isn't going to happen.
the result? anyone who wants to hack my commlink has to go through some stupidly large number of encrypted firewall 6 RFIDs (i assume device rating of 1 otherwise... arguably, stealth and security tags should be higher). heck, why not run an analyse program on it to increase it's dicepool... not that it matters.
the important thing is that you're eventually going to glitch or critically glitch, no matter how big your dice pool is, because i can make you hack into 500 nodes before you get into my actual commlink. and sooner or later, if i set up enough nodes, you'll get detected. it will happen at some point or another.
of course, on the other hand, no company, no matter how much of a cheapskate they are, is going to have anything less defending their nodes... i mean, it's costing *maybe* as much as 300 nuyen for some crazy impenetrable defense hardware, and the software can conveniently be copied as much as they like. even if they don't own a legitimate master copy, you can bet there are matrix security companies offering their services who will... so you can forget about hacking anything, pretty much, because it just isn't going to happen.
That's correct. See the black box on p. 223.
Wrong, RFID are powered by wireless, they are offline without it, secondly you would have to hardwire them, which should prove quite challenging, since it is a closed circuit with microscopic (possibly nanoscopic) scale.
Sure, I see how you're explaining it now. I usually sit ont he LTG or on the matrix gateway outside the host waiting for intruders like a bouncer outside his nightclub but sure, you could have a second host and then require a passcode/passkey/exploit test to gain access. Of course, once you auithenticate you're immune to being detected as an intruder unless additional monitoring/measures are taken. If you hack in as Security access or Admin access you just create a legit account, backdate its creation, and then log out of the exploited access and log in using legit access. Then you're no longer in danger of being discovered in that node and can even dump the sprites in the other node by killing its matrix connection. I dont see a huge advantage but I'll concede that it's valid according to RAW.
In the end it makes an intruder no less able to screw the contents up and makes the defenders have to spread out more. If access were ALWAYS challenged for authentication at a chokepoint the delay created might make for good detection but as you describe it I'm not so convinced it'd be a deterrant to a hacker or even do more than slow them down a tad. Heck, take over the first (outer) node and then use it to determine all the passcodes coming in so you gather them all up. I wonder how many folks use the same passcode in multiple nodes. For that matter gather up the biometric signals and reproduce their retinal/finger prints by uploading them from saved copies as often as you like. At worst you might have to edit them in to bypass temp sensors on palm readers, etc.
In the end it makes an intruder no less able to screw the contents up and makes the defenders have to spread out more. If access were ALWAYS challenged for authentication at a chokepoint the delay created might make for good detection but as you describe it I'm not so convinced it'd be a deterrant to a hacker or even do more than slow them down a tad. Heck, take over the first (outer) node and then use it to determine all the passcodes coming in so you gather them all up. I wonder how many folks use the same passcode in multiple nodes. For that matter gather up the biometric signals and reproduce their retinal/finger prints by uploading them from saved copies as often as you like. At worst you might have to edit them in to bypass temp sensors on palm readers, etc.
| QUOTE (maeel) |
| Wrong, RFID are powered by wireless, they are offline without it, secondly you would have to hardwire them, which should prove quite challenging, since it is a closed circuit with microscopic (possibly nanoscopic) scale. |
That is a minor detail, as this example can be replicated with other kind of cheap appliances.
Keep in mind that you could also simply order such a setup.
What sort of Build/Repair roll is necessary for a homemade, hardwired RFID that already costs less than a small fry at McSoyShack? Maybe 2 hits? 
I was just pointing out that RFIDs are a poor example.
Wasabi:
Just one example, hacker A pissed off hacker B in the matrix, so hacker B tries to locate his meat to send over his pals. he succeeds until he reaches the host of hacker As ISP. In order to triangulate hacker A he has to hack into the ISP for security rights (+3). The big problem is that it is a F**CKING ISP host, meaning it will be controlled pretty good, because ISPs know that there are hackers and in fact these are what they dislike the most. Once hacker B has succeeded he can try to hack hacker As commlink.
Chaining commlinks will not stop other hackers but will slow them down and increase the chance that they fail. Chaining should be capped by response though.
Another problem i find much more disturbing is layered encryption.
The setup:
H:Hacker
D:drone
commlink HA: encryption A wired to
commlink HB: encryption B connects wireless to
commlink DB: decryption B wired to
commlink DA: decryption A
normaly u just juggle the encrypted code around until it makes sense, which wont work here because code B never makes sense because it is still encrypted...
so while normal decryption takes "encryption rating x 2, 1 Combat turn) to break this encryption i would suggest "encryption rating x 2², 1 Combat turn).
Wasabi:
Just one example, hacker A pissed off hacker B in the matrix, so hacker B tries to locate his meat to send over his pals. he succeeds until he reaches the host of hacker As ISP. In order to triangulate hacker A he has to hack into the ISP for security rights (+3). The big problem is that it is a F**CKING ISP host, meaning it will be controlled pretty good, because ISPs know that there are hackers and in fact these are what they dislike the most. Once hacker B has succeeded he can try to hack hacker As commlink.
Chaining commlinks will not stop other hackers but will slow them down and increase the chance that they fail. Chaining should be capped by response though.
Another problem i find much more disturbing is layered encryption.
The setup:
H:Hacker
D:drone
commlink HA: encryption A wired to
commlink HB: encryption B connects wireless to
commlink DB: decryption B wired to
commlink DA: decryption A
normaly u just juggle the encrypted code around until it makes sense, which wont work here because code B never makes sense because it is still encrypted...
so while normal decryption takes "encryption rating x 2, 1 Combat turn) to break this encryption i would suggest "encryption rating x 2², 1 Combat turn).
In order to hack my commlink, first you must hack.... Every single one of these toasters I am carrying! Ahahaha!
Incidentally, they also give some impact armour. And wonderful mid-fight snacking opportunities.
Seriously, guys, stop and think for a moment what this will do to the game. Jopp, you're describing a very specific two-commlink setup, but the rules you're claiming for it cover a million RFID tags or a bandolier of kitchen appliances just as easily.
My experience is that, when the proverbial excreta impacts with the ventilation, players start looking for an edge. Maybe he'll want to route his hax through another comm, then after the dust has settled, what motivation has he got to go back to two? Three? Four?
Unhackable hackers versus unhackable corporate facilities? Millions of nodes to game with? Do you actually want to do this?
Incidentally, they also give some impact armour. And wonderful mid-fight snacking opportunities.
Seriously, guys, stop and think for a moment what this will do to the game. Jopp, you're describing a very specific two-commlink setup, but the rules you're claiming for it cover a million RFID tags or a bandolier of kitchen appliances just as easily.
My experience is that, when the proverbial excreta impacts with the ventilation, players start looking for an edge. Maybe he'll want to route his hax through another comm, then after the dust has settled, what motivation has he got to go back to two? Three? Four?
Unhackable hackers versus unhackable corporate facilities? Millions of nodes to game with? Do you actually want to do this?
| QUOTE |
| What does subscribing/slaving a device mean, in terms of access/hacking? If a device is subscribed to someone else's commlink, can you hack/spoof that device directly, or do you need to hack the commlink first? If a group of devices were subscribed in a daisy-chain together, could you hack the last device directly, or would you need to hack them all in successive order? The act of subscribing is merely the act of creating and maintaining a connection between two nodes. Subscribing does not automatically grant access to a node (unless it happens to be a public all-access node) -- that is the purview of accounts. Subscribing is essentially the "handshake" that occurs between two nodes, a protocol check and very basic form of authentication so that each node knows it's connecting with the right other node. Slaving isn't really covered in the basic rules (you'll see more about this in Unwired), but it essentially counts as instructing one node to only communicate and take orders from another node (or nodes). The instruction to slave a node can only come from someone with admin privileges. In the basic rules, subscribing and slaving have no effect on hacking or spoofing commands. The act of hacking and/or spoofing is presumed to incorporate an impersonation of a legitimate connection (that's why you need a successful Matrix Perception Test before you can spoof a command). You will likely see an advanced/optional rule in Unwired that makes hacking/spoofing a slaved node trickier. This means that even if multiple nodes are daisy-chained together, each subscribed or slaved to the next, you don't need to hack/spoof them all in order to hack/spoof the last one -- you can go straight to the last node and attempt to hack/spoof it. Note that if a node that has other nodes slaved to it (we'll call this the master node) is hacked, then the hacker has open access to the slaved nodes as well (i.e., he does not need to hack them). |
Reposted since it seems not to be read.
The FAQ makes this pretty clear.
1) 'subscribing' is not granting you any persmissions. It is establishing a connection.
| QUOTE |
| The act of subscribing is merely the act of creating and maintaining a connection between two nodes. Subscribing does not automatically grant access to a node |
2) By the basic rules is something is on the matrix it is 'on the matrix'. It is either Isolated 'totally seperate' or you can access it directly.
| QUOTE |
| In the basic rules, subscribing and slaving have no effect on hacking or spoofing commands. The act of hacking and/or spoofing is presumed to incorporate an impersonation of a legitimate connection (that's why you need a successful Matrix Perception Test before you can spoof a command). You will likely see an advanced/optional rule in Unwired that makes hacking/spoofing a slaved node trickier. |
3) To continue this line. Chaining doesn't help. If a node (doesn't specify wireless/wired/or meta-magic-mumbo-jumbo-techno-crypticed) is connected it can be reached, without having to go through intermediary nodes. You do so by 'pretending' to be a legitimate user. Pwnzyou is not attempting to access your Commlink, rather it appears as if Zurich-Orbital Refund Department is attempting to access your commlink.
| QUOTE |
| This means that even if multiple nodes are daisy-chained together, each subscribed or slaved to the next, you don't need to hack/spoof them all in order to hack/spoof the last one -- you can go straight to the last node and attempt to hack/spoof it. Note that if a node that has other nodes slaved to it (we'll call this the master node) is hacked, then the hacker has open access to the slaved nodes as well (i.e., he does not need to hack them) |
You may not like it (I have some problems with it). You may think it really couldnt work like that in a 'real' world; however, until Unwired comes out, by RAW that is the rules.
Peace
Although it could be house ruled differently using a Trace program does indeed get you the physical jackpoint of the victim. ["Track Action", BBB p219]
The largest vulnerability of a multihost/chained system is locating an intruder. They needn't go to the end of the chain to decrypt. They just have a dozen agents spread through the first three nodes taking as long as they like to decrypt the datastream while the hacker flies cover. If an inner node is being a problem and you have admin rights on a outer node, simply invalidate the other passcodes and let the owner hack his own node. Then as soon he does, manually set off an alarm. Hack his node, initate a reboot, log off, and let him spend his time not taking dumpshock.
Multi-node schemes are colorful but not "all that and a bag of chips".
The largest vulnerability of a multihost/chained system is locating an intruder. They needn't go to the end of the chain to decrypt. They just have a dozen agents spread through the first three nodes taking as long as they like to decrypt the datastream while the hacker flies cover. If an inner node is being a problem and you have admin rights on a outer node, simply invalidate the other passcodes and let the owner hack his own node. Then as soon he does, manually set off an alarm. Hack his node, initate a reboot, log off, and let him spend his time not taking dumpshock.
Multi-node schemes are colorful but not "all that and a bag of chips".
I think it is save to assume that subscription is only necessary for wireless connected devices. Reallife example: your mobile phones bluetooth headset needs to be subscribed to your phone, while your cable headset does not.
Narmio: go ahead with your toasters, just make sure the power cable is long enough..
But seriously if a GM allows chaining and i see no reason not to, he should also cap it.
Wasabi: i dont understand what you mean.. mind to elaborate?
Narmio: go ahead with your toasters, just make sure the power cable is long enough..
But seriously if a GM allows chaining and i see no reason not to, he should also cap it.
Wasabi: i dont understand what you mean.. mind to elaborate?
| QUOTE (Narmio) |
| Seriously, guys, stop and think for a moment what this will do to the game. |
Won't somebody please think of the children?
maeel:
What I'm saying is that if an intruder wants to listen in he can do it anywhere along the 'pipe' and the 'pipe's length aids the intruder.
What I'm saying is that if an intruder wants to listen in he can do it anywhere along the 'pipe' and the 'pipe's length aids the intruder.
Ok, i think i know what you mean, keep in mind my example only applies to connections between two identical chains.
The point i was trying to make is that multilayered encryption poses a much bigger problem in game terms than chaining does. Theoretically you could simply run two encryption programs on one commlink. The time to decrypt does not increase linear with the layers of encryption, but possibly exponentialy if not worse.
if allowed by the GM this has to capped (system? response?)
The point i was trying to make is that multilayered encryption poses a much bigger problem in game terms than chaining does. Theoretically you could simply run two encryption programs on one commlink. The time to decrypt does not increase linear with the layers of encryption, but possibly exponentialy if not worse.
if allowed by the GM this has to capped (system? response?)
A hacker is limited in how many programs can be loaded at once but a TM isn't limited on how many Complex Forms he can load at once. ACK!
A TM could compile a sprite to use its hash power...
| QUOTE (Wasabi) |
| I dont see a huge advantage but I'll concede that it's valid according to RAW. |
I agree, it isn’t THAT much of an advantage but since a hacker is limited by his response regarding active programs you can load beef up the commlink with higher defenses by using more agents without dropping the response. A Response 5 Commlink can have 9 active rating 4 programs, and since agents are limited to 4 it’s a good number to use. So my regular setup is the following:
Rating 6 Firewall
Encryption (Signal) (If they try to hack the signal)
Encryption (Device) (Must decrypt before hacking)
Databomb (Device) (Must defuse before hacking)
Analyze (Around the clock surveillance)
Agent 1
Agent 1 Analyze (Counts as an active program by FAQ when agent uses it)
Agent 2
Agent 2 Analyze
Agent 3 (on standby and will start Analyzing and report to user if Databomb is disabled)
It’s not über but it is above professional rating of a by-the-book hacker (rating 3)
That means that I can run a hacking setup with 9 programs not dedicated for defensive measures like above.
Ok, lots will say that this is no good hacker with “only” rating 4 programs and no rating 6 whatnot but I don’t really care since the hacker got the skills for the job and above average hardware.
| QUOTE (Rotbart van Dainig) | ||
Won't somebody please think of the children? |
Children? Perfect!
A whole line of them, all with implanted commlinks and a skinlink unit, all holding hands, with a hacker at the end. In order to stop me, you must first hack Mrs Mugwirth's first grade class!
But thanks to the FAQ-poster. That line about "if it's on the matrix, it's on the matrix" is always how I've run it.
| QUOTE (Narmio) |
| But thanks to the FAQ-poster. That line about "if it's on the matrix, it's on the matrix" is always how I've run it. |
I do agree to that in a sense but in regards to nodes, especially wired nodes it all comes down to the fact that you DO have to hack those you do not have access to.
Why on earth would corporations have tiered networks otherwise if the hacker can just go directly to the source and ignore all the security hosts/nodes that are supposed to stand before it.
It would be like teleporting directly into fort knox to open the big safe (node 4) and ignore the huge fence with guards surrounding it (node 1) the locked gate to the building with two huge dogs (node 2) and finally the guardroom that stands between the gate and the vault door (node 3).
NOTHING is “on” the matrix, it’s all on nodes as the matrix is built on nodes, there is no supernode that stores all the matrix. It can be wired or it can be wireless and IF you can find the signal to a wireless node, sure, you can hack it directly, otherwise you have to take the long route.
The main reason no-one sits with X amounts of beefed up nodes is the hassle of passcodes, clearances, networking problems and not to mention support staff for all those nodes.
Sure, a hacker COULD be the commlink carrier OF DOOM and have them all connected but it would be too much hassle. Sure, he would be defended from attack but so what, there are TONS of things a node that is being hacked can do, and will do instead of hunting down a hacker. The only reason for sitting with it if he/she is paranoid of getting his Commlink hacked as it will not stop his persona getting attacked, his drones/agents spoofed or signal tapped.
the thing is, there are no rules given for tiered networks, or chokepoints, or anything like that. so far as we know, that could just as easily be an explanation of the difference between a node with firewall 1 and a node with firewall 6, rather than actually being represented by actual nodes.
and making stuff effectively unhackable is a problem with the game. arguing otherwise is like arguing that since a critter with immunity to normal weapons can still be harmed by magic, it wouldn't be unbalancing to the game if you just handed it out to everyone.
just because you can do other things to an unhackable node doesn't make it acceptable that the node is hackproof.
and making stuff effectively unhackable is a problem with the game. arguing otherwise is like arguing that since a critter with immunity to normal weapons can still be harmed by magic, it wouldn't be unbalancing to the game if you just handed it out to everyone.
just because you can do other things to an unhackable node doesn't make it acceptable that the node is hackproof.
| QUOTE (Jaid) |
| the thing is, there are no rules given for tiered networks, or chokepoints, or anything like that. |
| QUOTE (SR4v3 @ p 223, Network Security) |
| Not all networks are configured as mesh networks—many corporate systems, in fact, retain a traditional tiered network structure. In a tiered structure, some systems can only be accessed through another system first, with the most secure systems hiding behind several layers of security. These networks employ a wide variety of tricks to limit access, including high-security traffic chokepoints or vanishing, teleporting, secret trap-door, or one-way access nodes. Some of these systems and networks are only accessible from private grids or are entirely isolated from the Matrix. |
I do agree that it opens up a can of worms in regard to the endless node hacker with X amount of tiered commlinks that he has hidden about his person, but that is just ONE possible way of upping the defense.
Lets look at it from another view then, you skip the tiered node setup and just get 1+ extra commlinks with agents in it. They are all on standby and watch your commlink for intrusion 24/7 and runs constant Analyze too see if someone is stupid enough to hack it.
That is a perfectly valid wireless defence since your commlink is fully hackable but you have 4+ extra Analyze checks at the moment of intrusion and whoever hacked it will most likely be spotted.
We have then skipped the “extra” commlink but added a larger amount of agents from commlinks with a signal setting of zero which gives them an effective range of 0-3 meters so whoever hacks you wont pick up their signal,but they can connect to your commlink.
Add also that the agents have secondary offensive programs...
Lets look at it from another view then, you skip the tiered node setup and just get 1+ extra commlinks with agents in it. They are all on standby and watch your commlink for intrusion 24/7 and runs constant Analyze too see if someone is stupid enough to hack it.
That is a perfectly valid wireless defence since your commlink is fully hackable but you have 4+ extra Analyze checks at the moment of intrusion and whoever hacked it will most likely be spotted.
We have then skipped the “extra” commlink but added a larger amount of agents from commlinks with a signal setting of zero which gives them an effective range of 0-3 meters so whoever hacks you wont pick up their signal,but they can connect to your commlink.
Add also that the agents have secondary offensive programs...
| QUOTE (The Jopp) |
| [QUOTE=Narmio,Apr 18 2007, 07:20 AM] It would be like teleporting directly into fort knox to open the big safe (node 4) and ignore the huge fence with guards surrounding it (node 1) the locked gate to the building with two huge dogs (node 2) and finally the guardroom that stands between the gate and the vault door (node 3). |
Hi All,
New GM here, struggling with matrix issues. Fun discussion.
I would rule that if Fort Knox never accepts data from the matrix, then all previous levels have to be hacked. On the other hand, if the characters find out that foolish guard likes to play WoW XII every evening from a terminal in Fort Knox, then the hacker only has to beat node 4, not the other nodes.
I see the point that is being made about intervening nodes checking everything out before passing it on, thereby enhancing security at the cost of response. Perhaps raising the threshold would be a way to account for the various analyze programs that are running in the intermediate nodes, and not add any dice rolls. Anything else already complicates a slow, confusing (at least to me) system.
Same thing if one of my players spent hard-earned nuyen for an arrangement like this, raise the threshold for intruders. Almost all electronic devices are supposed to be hackable but some are harder than others.
Sleepyman
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.