I'm not a total newbie when it comes to Shadowrun 4th ed, but this is the first game I've run where hacking is being emphasised, and I want to get it right. Here's how I've designed my network.
The building has two machines directly connected to the Matrix, one which is a fairly average system that all the normal traffic goes through, and the other that's a VPN to the regional office, so it's subscribed only to the regional office's computer. Both of those connect to a central system where all of the various user machines and file servers and what not connect together. Finally, there's a security computer connected to that which is in turn connected to all the cameras and door locks.
So for each of these nodes, what stats do I need to list? Obviously they'll each need a Response, Firewall, and System stat. What other things do I need? I want this to be a pretty easy target since this is their first run, but I also want that VPN server to be tempting, and to swat down anyone who's feeling overconfident.
Full Version: Designing a Computer System to Hack
First, I better caveat that you could get four different answers from three different people to your question. The below is my version of what I think you want. Others might do it differently, but the below doesn't have any house rules in it, it's strictly RAW. And I think it would probably be about right for a starting, non min-maxed hacker, representing a small corp. Swap the IC on the regional sub-system node for something more direct if that suits you better. And you might want to add an Armour program if you feel it's too vulnerable. I would run a sample encounter between the PC and that node / IC to see if it hits the balance that you want.
Hope this is helpful,
-K.
There are four nodes in total. I list these as follows:
Node 1 - Matrix Gateway (System 3, Response 3, Firewall 3):
Purpose: A chokepoint system that guards remote access to the internal systems of the site and manages all external connections.
Accessibility: This node has a matrix address tied to the company and can be located on the matrix with a "Easy" Data Search roll - Data Search + Browse (2, 1 minute). The node can be accessed wirelessly from within the building.
Matrix / AR Imagery:
Agent (Pilot: 2, Analyze 1):
A user-interface system operates on this node to deal with visitors, i.e. take messages for the company, direct people to the appropriate person for their enquiry, etc. In VR, it takes the image of a japanese elf in a crisp, tight suit. The corporate logo glitters in gold on her lapel and her face is VR perfection. It is capable of holding moderately sophisticated conversations in areas of its expertise. If unable to deal with a visitor, it will contact a (meta-)human for assistance.
The agent will approach any visitor to the node that it detects with a matrix perception test (Pilot Rating + Analyze vs. Hacking + Stealth). If "killed", the agent will be restarted later.
Node 2 - Office Network (System 4, Response 3, Firewall 2):
Purpose: The mesh of terminals and servers in the office which the employees use for their day to day work. All the systems comprise one big integrated node. Logging on to almost any terminal in the building is logging onto this node.
Accessibility: This node has no direct external access to the matrix. It is subscribed to both the gateway node (Node 1) and the Regional Office Sub-System (Node 3) and can be accessed from both of these. Note that user accounts gained from hacking Node 1 are not necessarily valid for Node 2, meaning it has to be re-hacked. However, the reverse is not true.
Matrix / AR Imagery:
IC (Pilot 2, Analyze 2, Attack 2, Armour 2):
The purpose of this IC is to investigate and deal with any unauthorised intruders on the network. It is normally inactive and will only be triggered if the node itself detects an intruder or if it is approached / attacked by an intruder. After doing so, it will remain on alert for up to an hour, investigating any other intruders. Note that when the IC activates, this reduces the node's repsonse time to 2. The IC will not pursue users beyond the current node, but it will send an alert to it's masters if left active after a confirmed encounter with an unauthorised user.
Matrix / AR Imagery: This is a standard off-the-shelf Renraku "White Samurai" package. The corp haven't even modified the standard oriental swordsman imagery or gleaming white colour. If an AR user is attacked, he will likely see diagnostic and security messages flashing across his interface.
Node 3 - Regional Office Subsystem (System 4, Response 4, Firewall 3):
Purpose: This node is a sub-system of the remote, regional office system. For practical purposes it is part of another system and acts as a choke-point preventing unauthorised access or usage by ordinary employees.
Accecssibility: This node is accessible only from the remote regional office and the internal network. It is not directly accessible wirelessly. That is not to say that a user could not be connected to the system through a wireless commlink, but that they would be connected first to Node 2 and then make their way from there to Node 3. A user account valid for Node 2, is not necessarily valid for Node 3, meaning that the node must be hacked independently of any previous successful hacks into Node 2. The reverse is not true, however, should a user enter from the regional office.
IC (Pilot 4, Analyze 4, Stealth 5, Track 3):
The security of this node is important and it is not sufficient to merely boot off an intruder. Instead, it is necessary to locate and investigate the intruder. The IC on this node is active, but will normally be running on Stealth and Analyze. On detecting an intruder (whether through it's own analysis of subscribed users or through the node going on the alert), it will load the Trace program from a data store in the node itself. This can alert savvy hackers who notice the sudden degredation of the node's response time but did not detect the IC on entering.
The IC attempts to locate the user with an extended Track test (SR4, pg. 219). If the user is connected to a physical location off-site then either corporate security or Lonestar will be passed the details. If the user is located within the premises then details are immediately passed to the security systems. In all cases, information is preserved for future investigation.
If detected, the IC has a visual representation as a grey-clad electro ninja.
Node 4 - Security System (System 2, Response 2, Firewall 4):
This node controls the security cameras, door locks, etc. throughout the site. It only has Security and Admin levels of access, meaning any hacking attempt must accept these penalties. Individual cameras, doors, etc, can be attacked on their own of course, but access to the security node is the real prize.
There is no IC on the security node, but it is frequently interacted with by the security staff, so care must be taken not to take any actions that will alert those using it. E.g. Edit actions should be taken to pass false images back to the terminals in the security office, so that cameras that are turned off continue to appear to function, etc.
Accessibility: The node is accessible wirelessly throughout the site, but has no direct connection to the other nodes.
Hope this is helpful,
-K.
There are four nodes in total. I list these as follows:
Node 1 - Matrix Gateway (System 3, Response 3, Firewall 3):
Purpose: A chokepoint system that guards remote access to the internal systems of the site and manages all external connections.
Accessibility: This node has a matrix address tied to the company and can be located on the matrix with a "Easy" Data Search roll - Data Search + Browse (2, 1 minute). The node can be accessed wirelessly from within the building.
Matrix / AR Imagery:
Agent (Pilot: 2, Analyze 1):
A user-interface system operates on this node to deal with visitors, i.e. take messages for the company, direct people to the appropriate person for their enquiry, etc. In VR, it takes the image of a japanese elf in a crisp, tight suit. The corporate logo glitters in gold on her lapel and her face is VR perfection. It is capable of holding moderately sophisticated conversations in areas of its expertise. If unable to deal with a visitor, it will contact a (meta-)human for assistance.
The agent will approach any visitor to the node that it detects with a matrix perception test (Pilot Rating + Analyze vs. Hacking + Stealth). If "killed", the agent will be restarted later.
Node 2 - Office Network (System 4, Response 3, Firewall 2):
Purpose: The mesh of terminals and servers in the office which the employees use for their day to day work. All the systems comprise one big integrated node. Logging on to almost any terminal in the building is logging onto this node.
Accessibility: This node has no direct external access to the matrix. It is subscribed to both the gateway node (Node 1) and the Regional Office Sub-System (Node 3) and can be accessed from both of these. Note that user accounts gained from hacking Node 1 are not necessarily valid for Node 2, meaning it has to be re-hacked. However, the reverse is not true.
Matrix / AR Imagery:
IC (Pilot 2, Analyze 2, Attack 2, Armour 2):
The purpose of this IC is to investigate and deal with any unauthorised intruders on the network. It is normally inactive and will only be triggered if the node itself detects an intruder or if it is approached / attacked by an intruder. After doing so, it will remain on alert for up to an hour, investigating any other intruders. Note that when the IC activates, this reduces the node's repsonse time to 2. The IC will not pursue users beyond the current node, but it will send an alert to it's masters if left active after a confirmed encounter with an unauthorised user.
Matrix / AR Imagery: This is a standard off-the-shelf Renraku "White Samurai" package. The corp haven't even modified the standard oriental swordsman imagery or gleaming white colour. If an AR user is attacked, he will likely see diagnostic and security messages flashing across his interface.
Node 3 - Regional Office Subsystem (System 4, Response 4, Firewall 3):
Purpose: This node is a sub-system of the remote, regional office system. For practical purposes it is part of another system and acts as a choke-point preventing unauthorised access or usage by ordinary employees.
Accecssibility: This node is accessible only from the remote regional office and the internal network. It is not directly accessible wirelessly. That is not to say that a user could not be connected to the system through a wireless commlink, but that they would be connected first to Node 2 and then make their way from there to Node 3. A user account valid for Node 2, is not necessarily valid for Node 3, meaning that the node must be hacked independently of any previous successful hacks into Node 2. The reverse is not true, however, should a user enter from the regional office.
IC (Pilot 4, Analyze 4, Stealth 5, Track 3):
The security of this node is important and it is not sufficient to merely boot off an intruder. Instead, it is necessary to locate and investigate the intruder. The IC on this node is active, but will normally be running on Stealth and Analyze. On detecting an intruder (whether through it's own analysis of subscribed users or through the node going on the alert), it will load the Trace program from a data store in the node itself. This can alert savvy hackers who notice the sudden degredation of the node's response time but did not detect the IC on entering.
The IC attempts to locate the user with an extended Track test (SR4, pg. 219). If the user is connected to a physical location off-site then either corporate security or Lonestar will be passed the details. If the user is located within the premises then details are immediately passed to the security systems. In all cases, information is preserved for future investigation.
If detected, the IC has a visual representation as a grey-clad electro ninja.
Node 4 - Security System (System 2, Response 2, Firewall 4):
This node controls the security cameras, door locks, etc. throughout the site. It only has Security and Admin levels of access, meaning any hacking attempt must accept these penalties. Individual cameras, doors, etc, can be attacked on their own of course, but access to the security node is the real prize.
There is no IC on the security node, but it is frequently interacted with by the security staff, so care must be taken not to take any actions that will alert those using it. E.g. Edit actions should be taken to pass false images back to the terminals in the security office, so that cameras that are turned off continue to appear to function, etc.
Accessibility: The node is accessible wirelessly throughout the site, but has no direct connection to the other nodes.
If your really sneaky you don't connect the security systems to a matrix active box, instead it operates on a wired PAN and setup to be rigged by security riggers.
| QUOTE (bait) |
| If your really sneaky you don't connect the security systems to a matrix active box, instead it operates on a wired PAN and setup to be rigged by security riggers. |
I'm trying to give the feeling that the network setup for this regional office was done by an amature who was just given a bunch of equipment and told to "make it happen," so I'm not going to do anything very sneaky, at least until my crew tries to hack into the regional headquarters through Node #3.
Thanks Knasser, this gives me a good starting point, and shows me a good template for designing more systems later.
Hey would't the gateway node also need an Analyze program of it's own to detect someone hacking in? Rating 3 at least! Otherwise, almost any hacker can come right in and wreak havoc on their "webpage".
| QUOTE (FriendoftheDork) |
| Hey would't the gateway node also need an Analyze program of it's own to detect someone hacking in? Rating 3 at least! Otherwise, almost any hacker can come right in and wreak havoc on their "webpage". |
It ought to still make a roll, but it will only get to roll Firewall. A GM could rule that it isn't allowed to roll without the program and could make a reasonable case for that under RAW, however. Still, the advantage is with the hacker in this instance, There's still a chance a lazy hacker could get noticed, but my brief was low-security but tougher on the regional office connection.
Adding Analyze 1 to the node wouldn't go amiss.
| QUOTE (Dewar) |
| I'm not a total newbie when it comes to Shadowrun 4th ed, but this is the first game I've run where hacking is being emphasised, and I want to get it right. Here's how I've designed my network. The building has two machines directly connected to the Matrix, one which is a fairly average system that all the normal traffic goes through, and the other that's a VPN to the regional office, so it's subscribed only to the regional office's computer. Both of those connect to a central system where all of the various user machines and file servers and what not connect together. Finally, there's a security computer connected to that which is in turn connected to all the cameras and door locks. So for each of these nodes, what stats do I need to list? Obviously they'll each need a Response, Firewall, and System stat. What other things do I need? I want this to be a pretty easy target since this is their first run, but I also want that VPN server to be tempting, and to swat down anyone who's feeling overconfident. |
Knasser said it best, there are many different ways to look at Matrix systems and equally as many answers.
Here are a few visual system setups:
Option 1
Option 2
Option 3
You can add Agents that patrol and query users/action or just respond to problems. Common/Application/File nodes would have Edit/Analyze programs running as needed to allow users to change content, etc.
You can make your systems as complex or simple as you'd like.
I hope this helps.
Ok I'll try and write something later when I have time. But I warn you that the archtype hacker from the book (the erratad one anyway) will blow right through the regional node knasser proposed if they probe and without analyze loaded it'll be pretty trivial to hack on the fly (even if the IC implies it has analyze 2 it'll still be pretty trivial).
And node 4 either has a typo or isn't a legal set of values (firewall higher than system).
Also note that to a high degree SR4 is trying to do away with chokepoints. I believe this largely to be because since the beginning people have been complaining about other players going out and getting a pizza while the hacker does their thing, and we've never really stopped.
Anyway the current RAW/FAQ interpritation is that if a device has accesses the matrix, than the matrix has access to it. So while a security camera isn't directly hackable because it isn't on the matrix proper, if somebody is accessing the matrix via their comlink through servers X, Y and Z a hacker could hack them directly from the matrix. Hence why so many corps use RF paint and the like to isolate regions of their offices from the matrix proper. (Also I'm betting being disconected from the matrix often increases productivity
)
So here would be my take on the system. Uh, later gotta go.
And node 4 either has a typo or isn't a legal set of values (firewall higher than system).
Also note that to a high degree SR4 is trying to do away with chokepoints. I believe this largely to be because since the beginning people have been complaining about other players going out and getting a pizza while the hacker does their thing, and we've never really stopped.
Anyway the current RAW/FAQ interpritation is that if a device has accesses the matrix, than the matrix has access to it. So while a security camera isn't directly hackable because it isn't on the matrix proper, if somebody is accessing the matrix via their comlink through servers X, Y and Z a hacker could hack them directly from the matrix. Hence why so many corps use RF paint and the like to isolate regions of their offices from the matrix proper. (Also I'm betting being disconected from the matrix often increases productivity
)So here would be my take on the system. Uh, later gotta go.
| QUOTE (sunnyside) |
| And node 4 either has a typo or isn't a legal set of values (firewall higher than system). |
Nope, the FAQ covers this:
| QUOTE |
| Does the maximum program rating limited by the System rating apply to Firewall? Can you have a node with a Firewall rating higher than System rating? That limitation only applies to regular software (common use and hacking programs), not the Firewall. |
FYI
I think for a beginning hacker group, knasser has a solid setup for you. Whether or not a hacker will rip through to the regional office or not, isn't a big deal, IMO. If you want to make that regional node "off limits", just make it a higher rating node and a ton of IC. That way, if your hackers try to enter that node, you just brute force them out...
Ah yes I forget that the FAQ occasionally has functional errata.
Anyway what my convoluted post back there was trying to say is that when making matrix systems it plays better on the table to have simpler topology. The system "helps" with this by not having true firewalls in the classic sense of the term where you have a "chockpoint" type system. You only kinda get one system in the way of users. And then only if your player doesn't know the AID of any system on the other side, because to sniff traffic they have to have hacked into a node it's going through.
Instead if you want to recreate the feeling of a VPN I'd suggest using the clear as mud encryption guarding IC on page 225. I have IC like that babysit data streams and let it make a matrix perception test whenever someone interacts with that data stream (such as decrypting).
Anyway what my convoluted post back there was trying to say is that when making matrix systems it plays better on the table to have simpler topology. The system "helps" with this by not having true firewalls in the classic sense of the term where you have a "chockpoint" type system. You only kinda get one system in the way of users. And then only if your player doesn't know the AID of any system on the other side, because to sniff traffic they have to have hacked into a node it's going through.
Instead if you want to recreate the feeling of a VPN I'd suggest using the clear as mud encryption guarding IC on page 225. I have IC like that babysit data streams and let it make a matrix perception test whenever someone interacts with that data stream (such as decrypting).
| QUOTE (sunnyside) |
| Ah yes I forget that the FAQ occasionally has functional errata. |
that's not an errata. firewall is one of the system's attributes. you must understand that there are programs and then there are Programs. firewall is a program, but it is not a Program (for example, technomancers cannot thread firewall. or skillsofts. or knowsofts. or linguasofts, or datasofts, or ARE programs, or agents, or....)
| QUOTE (sunnyside) |
| Ok I'll try and write something later when I have time. But I warn you that the archtype hacker from the book (the erratad one anyway) will blow right through the regional node knasser proposed if they probe and without analyze loaded it'll be pretty trivial to hack on the fly (even if the IC implies it has analyze 2 it'll still be pretty trivial). |
Yes. The sample hacker in SR4 would be able to get into the regional node fairly easily, barring bad luck. I felt constrained from setting the node attributes too high for a fairly basic corp, given that they only go up to 6 (normally). So I took the approach of using some sensible security measures. There's a good chance that a hacker wont notice the grey ice lurking in the node as they have to roll against Firewall + Stealth with ties going in the IC's favour. Even with net hits, they might not get a large amount of information and be left with some uncertainty as to what to do with it. If the IC does start tracing the hacker's location, then the player is going to get a valuable lesson.
I guess my intention with the regional node is not so much ultimate security as drum into the new player security measures that they need to keep in mind - are they checking for IC / other hackers when they enter somewhere, are they stealthed, have they done a redirect before entering, if they're not sure what something is / is doing, do they know how to handle it, are they aware that there are more dangerous traps than those which dump you out of the matrix in cybercombat?
That's where I'm coming from, anyway. If you want to make the node actually secure, then another point of firewall and perhaps some additional IC to keep the hacker busy whilst the other IC tries to trace him. IC doesn't have to be very powerful to stop someone jacking out so I kind of like the idea of one piece of IC keeping him pinned in the matrix whilst its counterpart is visibly locating his body whilst he struggles with the first.
| QUOTE (Sunnyside) |
because to sniff traffic they have to have hacked into a node it's going through. Instead if you want to recreate the feeling of a VPN I'd suggest using the clear as mud encryption guarding IC on page 225. I have IC like that babysit data streams and let it make a matrix perception test whenever someone interacts with that data stream (such as decrypting). |
These are both very good points that new GMs should keep in mind. Also, I have IC built into files occasionally as a more active form of encryption. It's my view that in the modern matrix, there is no such things as a pure data file. The sophistication is such that effectively everything is, or can be, a program.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.