So, for those of you running Shadowrun, how secure do you tend to make the facilities being infiltrated? I'm sort of at a quandary myself on the issue -- I want the game to be at least reasonably realistic when it comes to security measures for the various companies, but if done that way, most running teams won't have the means or the know-how to overcome them (player-wise).

For example, I would expect most places to have cameras covering most hallways. These cameras would have a low 'signal' for people to hack into them, since they would have a physical connection to central security. So someone couldn't just walk in and 'hack' the cameras. The matrix for the cameras would be separate from any of the more public locations, to prevent hacking.

Most of the doors would not be connected to the matrix -- they'd have their own maglocks and such, independent from one another, so that people couldn't just take over the entire door-security system or hack the matrix from the first door they come to.

I would figure most security guards would have bio-monitors so that security would know the moment something happens to them. They'd also be connected to a skill database, so if something comes up, BAM, they have the skills needed to do the job.

I think most rooms, when not in active use, would have motion detectors.

I mean, this is all very 'basic' stuff, but it would screw any 'stealth crew' type runners, big time. :\

How do you handle security?

There are some assumptions made about how SR world security works that allows things like sequencers and passkeys to work. In the real world, electronic locks usually have lockout periods, often triggering alarms, if you enter several invalid credentials.

The RW issue with things like cameras and maglocks is that you have to run a power line to run them, so why the hell not run a network link instead of using wireless? But that is part of SR4....

Anyhow, there are going to be exceptions. For example I'd consider a "really secure" site to be the Joint Chiefs of Staff Sensitive Compartmented Information Facility inside the National Military Command Center. Really secure sites should have everything you can think of, with no approach you can see that would defeat the security, and furthermore you can safely assume that anything the players can come up with was thought of by the designers, or the reviewers, or the audit teams, or the security forces, or the penetration testers, or the red team. You can't hack anything, it's all fiber optics with RF shields on the power feeds, etc.

But there are not very many sites like this, and if your players are not getting a new "real" ID and permanent high lifestyle out of the Johnson they shouldn't even be thinking of trying a site like that.

One approach is to make it as secure as you can, then add flaws.

The guard captain is heavily indebted to the mob, so is open to bribes or favour from mob contacts.

The camera system, supposedly covering every inch, has a known defect and in often has to reboot (or hell, isn't even on - you'd be surprised how often that hapens).

Human element failure and technological failures are Shadowrunners best friends.

Improved invisibility and illusion spells can render cameras useless. Guards tend to be lax where access is limited (locked building, only authorized people are allowed in by the system, etc). Cameras with wires can still be tapped into.

Social engineering, maintenance crews, drones. PCs may even enter during normal work hours and not even be noticed. Some sits are fairly open to the public during business hours.

The doors are probably centrally controlled so guards can lock in or secure intruders. Having independent doors is a big pain to get them synchronized and PCs can hack the doors. The doors would probably not be guarded by ICs because processing power is not high enough.

Guards have sensors on them, but they can be spoofed.


Just remember security costs will be much less than the site they are protecting. If the cost of security exceeds the potential losses then it won't be implemented. A warehouse full of socks will have security against vandalism or environmental issues such as fire. A gold depository will have an entire military base protecting it.

Actually, to give you an example...
My wife works at a bookstore. Low key, indie bookstore. The security system is connected to one pad in the middle of the store, out of sight. When activated, you have one minute to leave and lock the door behind you, because the entire store is then covered by motion detectors. If triggered, you can't turn it off -- and the phones go dead. You have to wait until the police show up to check things out. If you added cameras to this, that's a really annoying security system for a Shadowrun team to deal with.

Mythbusters did a thing with beating motion detectors during an episode. Some of the successful techniques they found wouldn't work well against multiple motion detectors, but the one where they can't see you if you just move really slowly would still work, and wearing a chameleon suit would also negate the cameras. Now, you would take a long time to get to the pad, but once there you can hack it and own the place. (or your offsite hacker can do that now that you have a retrans unit there.)

That, and only that. Fiberoptic wires alone cost 5Y per meter, which adds up quickly. How many meters do you need to connect every single camera in the facility? There's a reason most facilities run wireless: it's cheap, and corps like cheap.

Also, going wired means less info for the security tacnet, unless they walk around with really long datajack cables. Most intruders aren't runner teams, so this is usually a bigger concern than having your cameras hacked.

Finally, all this assumes the Runners are sneaking in by remaining unseen, rather than using disguises and fake credentials. This can be stopped as well, but it comes down to employee convenience.

Most corporate executives don't like being asked for biometrics every time they open a door in the R&D wing, and it's a good idea not to piss off people that could repossess your cybereyes.

I've kind of been waiting for something like this. Schneier has a useful tool for designing security. Generate a series of "Attack" trees to encompass legitimate uses of the site, and a set to encompass illegitimate uses. Come up with a budget and start making choices that maximise the illegitimate use cost whilst minimising the legitimate use cost that can fit into the budget. Remember that everything costs at least three times as much for the security side.

Calculate the "cost" to attackers in the expected number of hits/threshold they'll face for each action.

Sounds paranoid to me.

In a building designed for public use, one would at least require a command to open all the doors in case of fire. If one can issue that command, one can spoof it.

It would also be a real pain to maintain access control, as each door has its own access data base. And the more complicated, the more likely there will be failures in that maintenance, meaning expired or wrong passcards do work.

The door to the most secure room in the building could work like that, but not the whole building.

1) I establish the baseline security for the system, limited in cost by the value of what it's guarding, limted in complexity by the skill of the people maintaining it.

2) I reduce the security to meet other business and safety requirements (such as fire doors, backing up data and so on).

3) I reduce security as appropriate for cost-saving measures (if the cameras cost less to install by making them wireless, I may do this, if appropriate. If drones are cheaper than guards, I may do that, etc.)

4) I reduce security based on convenience, laziness and incompetence. The guard doesn't check badges, the cameras aren't properly watched, doors are left open so people can move boxes back and forth without having to swipe their card each time, passwords are left in the desk drawer, the firewalls aren't properly configured and are running at less than full rating, etc.

If I don't feel that's enough, I'll include specific flaws in the systems, such as the plasticrete that turns gelatinous when sprayed with a particular chemical and such.

If you don't make it tough, there's no challenge, and players have a tendancy to surprise, so don't feel bad about making things look tough. They'll figure out a way. They always do.

And the pads normally are in a small hole not covered by motion sensors, as all the sensors have be not detecting something to arm every system I've seen.

Like many things, the price given in the the book is for a small quantity bought retail. When you order a truckload from a wholesaler it's a lot cheaper.

And RW, SM fiber is actually pretty cheap. It certainly isn't $3 per foot per fiber. I had a 216 fiber cable 1500 feel long purchased and installed for $30,000 including labor and termination of 96 strands.

Most corps in shadowrun care more about ease of use then security. This is for two reasons. The first is that you need to create facilities the team can actually penetrate, and the second is that good security is expensive, and most corps are not willing to use up that kind of money. Overly tight security encourages runners to blow a hole in a wall and come through guns blazing rather then stealthfully infiltrate(and thus cause less damage).

It's a fact of life in the 6th world, runners will infiltrate your compound if they want to. Thus a corporation has to budget their security based on how much damage a runner would do if they infiltrated, and how much their security could stop them. You could cover the entire site with cameras and motion detectors, with drone patrols at irregular intervals, but that costs lost of money, causes problems with your workers, and really won't stop a good team of runners. Most corps find it more cost efficient to keep their projects secret and hope runners never come. Only the really black stuff gets the grade A security.

How I usually judge things is I assume that most facilitys use 10% of it's funds on security. And since security is divided among three fronts (physical, matrix, and astral), that is 1-5% of the funds spend on any one of those fronts. Unless the project is really expensive, thats not a lot to work with. If a facility is exceptionally secure, it could use up to 25% of it's funds on security, but that's only for things that absolutely must be protected(like the Grid Guide, or a Nano-Warfare project).

That's a mindset I have trouble even comprehending.
1) A team can penetrate a secure system -- it just not be their usual method of operation to do it. A group who is used to the 'sneak in, sneak out' under cover of night may find such a method isn't going to work. Another team who is used to 'false ID, walk through the front door' may find that doesn't work either. It isn't so much 'can' as 'how', and I prefer that method of play. It was one reason that, as a player, I would presume to be given two week's leeway for any infiltration job my character was going to perform. He needed to know the layout, the security measures taken, and how things operated, so he could figure the most successful method of infiltration. Most players I deal with don't quite go that far, and prefer the 'try to sneak in, get cover blown, shoot way out' style of run. I call that a failed mission.

2) I've never, ever seen a team try the 'blow a hole in the wall' approach. If they did that, I'd probably have security shoot them dead, and they'd be wanted BADLY. It may just be my personal tastes, but I prefer my SR games to have a high level of realism, and trying to blow a hole in a corp's wall to grab stuff is definitely not realistic.




Shadowrunning is a part of life in the 6th world, yes, but I don't see it as a 'let's make it only reasonably hard' approach. Like I said earlier, a low level indy bookstore my wife works at has pretty damn good security for what it sells. The thing is, security only has a high cost at the start, and then runs a low cost over an extended period of time (discounted if you do extended contracts). This security will cover multiple projects, and if you really want your projects secure, you want to convince people that trying to break in is generally a Bad Thing. I'm more of the mindset that if runners come, and they trip the system, the corporation is within their rights to make that team DED. That's why, as a player, I always go with the 'if you are seen, the mission failed' mindset, and so tend to look at everything I can about security and sec. countermeasures. I'm also willing to accept that some locations will take entirely too much time / effort to be worth a run unless the payoff is really, really, really nice.

I tend to use the real world security then add magic. The biggest problem is people sill need to be able to work, thus your security will have holes.

Most reasonably sized facilities probably have 2 or 3 networks. 1 for the matrix, 1 for physical security(may or may not be on the matrix) and perhaps one for R&D(not on the matrix) and such if that level is needed. From there you have 2 types of systems. One that assumes someone will get in and locks them in or one that does everything to keep them out. Usually for off hours your going to have only a particular way to enter the building without setting off the alarm. So like the loading dock may be completely locked down on weekends, but one of the side doors you can use a passkey to go in. This can be true of hallways inside the building to. The employees though need to be able to get to their desks but it may be a total pain to do it. Going down the wrong hallway or using the wrong door even if you have the passkey will set off the silent alarm.

And that is precisely why it works: because most security personnel think like you.
http://en.wikipedia.org/wiki/Albert_Spaggiari

I'm interested greatly in the this topic. I'm a student of the security profession and assuming the level of security is competent and well-versed in their craft, blowing a hole in a wall to breach a compound is effective at initial entry but it creates a focal point in which the bulk of the security forces will focus upon. To be effective with this method of intrusion you have to overpower the overwhelming bulk of the security forces or destroy their ability to communicate and coordinate. Both of which are extremely difficult to do unless you have the proper expertise be it electronic, physical, or in SR's case, magical. Most security situations will be lax unless the contents of the structure dictate an elevated security presence. Guards, cameras, drones, technical equipment, and other devices are extremely expensive. Even in lax situations security is bulked outside the area of interception. A proper security format for a building will have a centralized point off the main pathways with the bulk of the security force stationed there. Any guards, cameras, dogs, and etc outside this formal zone are merely used to raise the alarm and bring the hammer, so to speak, to bear.

A few earlier replies referenced various uses of social engineering. At least in the various games I've been a part of, it seems that the bread and butter of bypassing security tends to rely upon it. The fact is, the cost of outfitting even a low-end retailer with motion sensors and cameras, rotating pass-key doorlocks and other simplistic security messures is rather negligible. Even in RL your common hobby shop that sells the books we base our shared world experiance out of have very similar setups that cost less than a grand at initial setup and run at low costs throughout their leases. The main weakness in any security network is the Wetwork behind it. Even a well paid, dedicated spider is going to have some price that would eventually bypass his/her moral foundation. You can throw a five million cred system at a runner group, and with enough planning, resources, and of course a realistic and giving GM they will eventually have the tools nessisary to overcome them.
Of course many runs are set within some,at least, simi-arbitrary time frame. This is about the most limiting factor in bypassing a well planned security network. Look at real life. Military grade security systems are hacked on a regular basis. I know that for myself my Soc. number was compomised due to lazy and innane servicemen. It happens, the tools may be in place but when the rubber hits the tread a lax employee or less-than-honest sarariman can and eventually will compromize the whole setup. Time is the factor that breaks a run and degrades it down to "stuff an assult cannon in an extra large gym bag and pray Lonestar has it's second string on the streets tonight".

Not if your in and out in 20 seconds... Watch Heat, Collateral, and Miami Vice while all fiction I think Michael Mann shows how important the element of surprise is and how horrible it can fail if your timing is off. Ronin is another good one but its not Micheal Mann.

The secret to breach charges is in and out, your either going in guns blazing or you know your going into the room you need and are grabbing what you want and leaving before anyone can react.



Or you can have a bulk of your security outside the building. This is generally the situation for the "lock them inside" type. Your expecting them to breach security but you know that from your remote offices you can have 100 cops (or whatever) down on them in 3 minuets from one or more locations. The building just has to lock down and keep them in.

No, physical security relies upon time. It takes x seconds to cross the fence, y time to breach door, etc. The purpose of locks, alarms, etc is to detect intruders as rapidly as possible and delay them as much as needed. This determines how your security force is deployed and responds. If someone uses a level of force or expertise that wasn't accounted for the response team will find nothing to stop, just an empty room with a big hole in the wall.

Look at mil-hdbk-1013 1a if you want some nitty gritty details. http://www.wbdg.org/ccb/NAVFAC/DMMHNAV/1013_1a.pdf You could do some interesting scenario design here if you wanted, but the issue is that role-playing games are usually a lot faster then real life.

There are more interesting docs at http://www.wbdg.org/ccb/browse_cat.php?o=30&c=80

That site has a lot of cool stuff if you poke around some.

Ok, let's face the fact shadowrunners are as heavily armed and trained as SEAL team 6. Ever watch the embassy rescue in South America they do use demolitions. The entire operation tends to last less than 10 minutes. This is how long your police and guards have to respond before shadowrunners are gone.

Shadowrunners have the advantage of surprise, choosing of their timing, and heavy firepower. Most guards are underpowered and reactive. So if the characters come bursting in with shaped charges, a tricked out van or helicopter this is not unusual for a shadowrunner. Most facilities aren't intended to stop this kind of assault. The goal by security is delay and contain until reinforcements arrive.

From first hand knowledge and talking to several people I can say the more secure the location the more lax the guards. I have known MPs who slept in guard towers protecting nuclear weapons. I know that many federal buildings have contractors protecting them with a few professionally trained police to ensure quality. Same is becoming true of military bases. I also know of guards who would turn off alarms because they always went off (motion detectors were the worst especially where leaves and gophers were concerned). I have also seen where one could easily penetrate security during normal business hours and take items by just claiming to be movers.

I have seen security measures implemented because of a supposed threat that cost more than the threat itself. It also reduced productivity and many people actually bypassed the security because it was so onerous. Have 15 different passwords and people save them in physical format or on their person. This defeats the whole purpose of having passwords. Security costs productivity. A 100% secure system is one with 0% productivity. Smaller firms actually have better awareness to unauthorized individuals than large organizations because people know each other.

Getting in is always easy. It is getting out and away that is the hard part.

I have never, ever, ever seen a SR team like this in any game I've played, or ran. No demolitions, no tricked out vans, no helicopters. Most of the equipment I see my groups get is internal stuff (cybernetics, bioware), or efficient ordinance / armour (chem suits, stealth suits), rather than going for the big boom.

Mind you, most of the players don't make military characters, they think more 'street' level and 'shadow ops' rather than 'military'. Probably for the best.

Different styles of play. In truth, for a ultra high security set-up, the best solution is usually to create a distraction while you go in guns blazing. Sometimes quicker is better then quiet.

A good security requires 3 elements:

1) Something to block intruders. A door/firewall/ward. It has three purposes: first it will deter 99% of possible intruders, second it let you know who's an intruder and who isn't and third it slows intruder down.
But no security is perfect, so the intruder will eventually get past the barrier. That's why you need:

2) Something to detect intruders. A camera or patrolling or standing guard/an Analyse program/a watcher spirit or a mage. They'll let you know that there is an intruder.
Now that you know, you need to act. You need:

3) Something to prevent intruders from doing whatever they want to do. A combat drone or strike team/an IC or a spider/a combat spirit or a combat mage. It can mean calling the police or an off or on-site security. In somes cases, this security can be put in action after the intruder have left: they'll use the data of the detection systems to catch them.

If you miss any of the elements, your security is ineffective.

Yeah, that's an inherent problem with Shadowrun.

If you use all the means they (realistically) should have available, then it would be pretty much impossible to get in.

I have one golden rule, when it comes to that.

The premise of Shadowrun is, that Shadowrunners exist.

This means in turn, that Shadowruns happen, and that can only be, if they make sense to happen.

So, in conclusion, security cannot be so perfect.

This is also not that unrealistic, as looking at real world examples, there is often a lot of money to be saved just by being a bit lax with security issues.

The highest priority facilities surely will have security that a typical runner team cannot tackle, but then those should not be the target of such runs either.

Pick the targets right and pick the security level right, so that the whole thing works out.

Bye
Thanee

I tend to make my security measures powerful enough so that the Runners won't have a 100% success rate in overcoming them or that they won't get it first try. Give them a challenge. I also make it so that mos security can be bypassed, should the Runners think about it.

For example, Motion detectors (As was stated in the start of this thread) can be removed as an obstacle IRL by hacking in and altering the frequency which they detect, thus rendering them obsolete for detecting most humans. If the characters think of something like that, let them do it.

For the most part though, I would suspect that players and GMs wouldn't know how Real World security works on a technical level, just that it exists, so I tend to just set a Threshold for them to overcome with a specific skill for each of the various security measures.

As to how secure it should be? Well, that's always up for debate. Some Real-World companies, it's easy to just walk in and do what you want (you may get caught later but not immediately) while others pretty much make you sign away your first-born child just to get into the reception area (so have lots of kids!)

I'll agree with most of what is said here but SR is not the equivalent of real-life security. Most real applications of security are simple and effective designs that while not fool-proof (never is) are more than a match for the level of activity it combats. Sometimes it is insufficent and other times it's far too much but security in SR is far more complex with more advance technological and even magical applications. It stands to be that security is always reactionary and prone to failure because of nature of the beast. Attackers choose the time, place, means, and method of execution. Defenders can only guess and hypothesize the next move. Depending on the structure in real-life the tenant is absorb, enclose, and destroy or repel, scatter, and destroy (if possible) to be simply put. There are various methods but simply put most elements breaching secure compounds in real-life don't have the training of a high-level military or covert unit. You really can't protect against those groups of individuals unless you're fully aware they are a persistent threat and the cost of maintaining a level of personnel and equipment is deemed necessary. SR is a different bird and as such no compound is unbreachable given the skills of these dedicated squads of metahumans. You can make it really unappealing though. There was a handbook on SR security. The Corporate Security Handbook, it's an excellent reference material for constructing elaborate defenses in SR.

ANd the level of activity it normally combats is normally street thugs who think they can get a free computer. Real life espionage at the level shadowrunners operate at is unusual in our world, and most security systems are not designed with them in mind (with few exceptions). Usually security systems are designed to counter one or two people with limited skills and drive, looking for targets of opportunity, not a determined and skilled attacker.

Couple things I want to address





I agree shadowrunners should be a seal team but thats a style of play. As for the federal buildings/Military Sites/etc any place that has guns and the ability to call for backup to a high threat response will have more lax guards. This is because they are built around the idea that if someone wants in they will find a way so lets instead work on keeping them there. This is not true of the private sector which doesn't have access to firepower and has to rely on police response time. Those site will have many security stations to go through and checks in order to keep people out. These sits are usually set up to handle breaching the outer wall as well. They hope to keep you away from your target as long as possible until the cops arrive.



Other than the Magical element its not really very different than today. We already have rental, dna, bio, etc scanners. We already have "the matrix" and wireless. While there are fantastic elements most of it is based on plausible stuff or advances in things that already exist. Heck you can control your computer by just looking at the screen now (not as efficient as a keyboard and mouse but it exists)

I always despised games where the job had to be done within a 48 hours. I believe if you are going to hit a target you should know patterns, people, etc. How you enter is just as important as how you leave. The method depended on the goals of the mission.

As for blowing the wall approach if you have a party comprised of a Radical Eco Shaman, A street samurai, a hacker, and a smuggler and a covert ops you have a party that can scale from silent to full gun battle. Demolitions would definitely be an option. So what if security will shoot them dead, they probably expect that from the beginning. If a guard points a gun at me then he is shooting to kill. The trick is to do it so fast that their security does not have time to respond. Also demolitions work for blowing a hole in, but they can also be reserved for blowing a hole out. This completely screws up security trying to contain them. You may not like that method, and you can't expect most facilities to enter it.

The truth is the playstyle is what the missions demands. If the mission is to guard a rockstar than discretion and minimal violence is called for. If it is to act as a defending force for another shadowrun team then you can fully expect missiles and machineguns. I do think it is up to the players to and GM to include a variety and mix of runs so players have to use all their skills and resources.

Now lets take a hard look at your scenario

Motion detectors. Ok they detect motion, but what do they do? What sets them off? What is the response when they go off? Do they go off so much that many places turn them off? Who monitors them (are they monitored or just automatic defense?). Do they hinder the movement of all personnel or just certain ones?

Cameras. They aren't wireless, but is there a point where they are all controlled? Does anyone monitor the cameras? What if they lose connection? What is the response? Do the cameras simply record or are they there to coordinate movements?

The guards have shifts. What is their usual patrol pattern? Do they vigilantly check areas or simply walk around looking for fire? Do the guards know the people working there? Are the guards even armed and with what? What kind of skills do they have? When are the most guards on duty? Do they hang out watching tv and drinking coffee or do they actually do their rounds? What kind of reserve weapons do they have and what is the plan for emergencies? Are the guards supposed to defend from street thugs, a disgruntled wage slave, or a strike team with military grade weapons and armor?

What are the reserve defenses? How long does it take them to react? Do they have offsite contracts for defense? Are they shared defenses with other corporations? Are there treaties between corporations for hot pursuit or mutual defense? What is the standard defense plan?

Do the doors have physical locks that have to be picked? If they lose power do they automatically lock or unlock? Is there a way to open the door if it does not have power? Are they independent controlled or centrally controlled? If they are independently controlled then do they all work correctly? Are they upto date?

Are the defenses hooked up to the matrix? Are there communications to call for backup? Are these wireless or wired? If the matrix defenses are inaccessible to the outside then is a spider on duty? If so how many are on duty at one time? How many spiders work at the facility (at least 3 times the number on duty)? What do they do if 1 is on vacation and another is sick?

Assume the cost of maintaining an employee is double the expected lifestyle of the employee. Then determine if the damage that is being defended against is 5 times that. Assume all methods will cost 5 times what the initial cost over the lifespan of the defense (IE drones, cameras, etc). That would include maintenance, etc.

Those are the details the GM has to decide. But before that, the GM has to decide how much the corp is willing to spend and how good the Security Design is and how good the Security Procedures are. Once those are decided, the rest tend to fall into place easily.

I'm actually surprised at the idea of a Shadowrunner team being on-par with a SWAT team. From most groups I've seen, the players usually don't pick skills to put them on that level of expertise. (A few combat skills, some may have electronic skills, most don't, one or two may have a driving skill, one didn't even have a stealth related skill).

Honestly, I expect that to be high-end play, if the GM tells players 'make a SWAT-level team'. I mean, my primary character was an infiltrator shaman type, which went pretty well at the covert stuff. My wife's character, however, was a street shaman. He wasn't really into the sneaky stuff. He wasn't into the tech stuff. Or combat all that much. He was backup, and would have been a liability in a SWAT-level game. Our troll was the landlord for a property in the slums, and acted genteel, but wasn't the 'in the shadows' type.

Giving the group a covert run would have killed them. In fact, most 'normal' security would have given them a tough time, I think. So... of course, they don't do those kind of runs. I think the 'break into the corporation, steal stuff, break out' sort of runs are for experienced (IC) runners who are geared to that sort of thing... the exception to the rule. Sort of like the 'elite teams' you see in movies. Not every team of runners are going to pull off The Italian Job.

Well your probably not going to start at Seal level but the first group I ever played in the longest lived runner had 50 karma pool the session I joined and started with 1. We usually earned 1 karma pool about every 2 to 3 sessions. The noobs like me would loose a few characters before getting a feel for it. When moved I think I had around 30 something karma pool

When I look at the Archetype base characters and weapon lists I tend to notice: Automatic weapons, demolitions, grenades, area effect spells and drones. These are stock characters not hand made characters. This immediately puts shadowrun team on SWAT or Special Forces footing in my view. This doesn't mean that it is your goal to lay down lead, but you always have that option. To me a shadowrun team is a freelance version of section 9 (Ghost in the Shell), but more inexperienced when first starting.

re: cutting through a wall - Burn Notice just had a show where they cut through a wall with a water saw. Now I want to try it!

This is incorrect by the fluff. Everything in SR1-3 had to be wired. Therefore the wires were laid down years ago. Crash 2.0 did not destroy all the wires in all the buildings.

The problem with blowing your way into a building is that the Corps always have bigger guns and in bigger quantities. Response time is near minimal so that even if you do manage to get away odds are they are already watching you with mages and drones. I've TPKed numerous parties at their "safehouse" after trying to pull this shit. No law in the Barrens works both ways chummer.

Our team has a demo expert and we're in the process of tricking out an SUV with a concealed-turret autocannon. We haven't yet actually NEEDED breaching charges, but we have set them up twice as a backup plan. ...hmm. I wonder if our demo guy actually removed the charges on the way out? *grin* Usually though we hack their security system, then go in using magic for invisibility to avoid the guards and employees. Doors are the interesting part - it's sometimes necessary to use Influence magic while sustaining a handful of invisibility spells, which is always fun... usually safer than leaving an unconscious body lying around though.

Bigger guns and more quantities may apply to a whole mega corp, but unless you are attacking an Aztlan military base the players probably outgun security. Minimal response time would be in the range of 5 minutes if onsite and 15 minutes offsite. The offsite security will takes as long as firefighters would take to get to your house and begin with the pumps let alone actually going into the building. The idea by onesite security is to deter by their presense and to contain damage.

As for chasing players back to the their safehouses that is perfectly acceptable. However, extraterritoriality and caution by the players can make this much harder.

The counter-tail application of the Shadowing skill, Knowledge skills such as Covert Ops Protocols can help with people trying to find you. Knowledge skills such as Guerilla Tactics can help with the actual attack and extraction on the target.

I stat my security measures as appropriate to what the security designer has to work with. A facility geared towards thwarting infiltration tactics would be less able to counter brute force attacks and vice versa.

Realistically yes, but this is an RPG. In the real world people often have 5 minute long gunfights where they go through multiple magazines. When was the last time in a SR game you have a 15 second long gunfight? When did you last have a PC/NPC have to reload?

It's "The Last Action Hero" world, where things happen in dramatic time, not real time.

Actually, I do have PCs and NPCs reload. As for gun fights... yeah, that's one of the things that's always annoyed me about RPGs... the '10 second gunfight'. Combat takes a lot longer than what's done in RPGs, and that annoys me to no end.

We have used Breaching Charges in a couple of occassions... we have multiple vehicles that are "tricked out", and we have access to air transport... now, the vast majority of vehicles/drones are more for surveillance than combat, but they are modded up none the less... and hell, we just bought us a Spec Ops style "Fishing Trawler"

Great Times

My ex-military character typically had a folded up silhouette charge in a pack on runs. I don't think he ever used it, but it was emergency exit plan c.

About what level of security a corp would have, I'm surprised the most important security measure corps have haven't been mentioned.

Insurance.

Who cares about theft or sabotage when your insurance covers the costs? Most security measures are what the insurance demands and no more, and unless you're carrying some goods that are attractive to thieves in general, they're not going to meet you with excessive demands. Sound an alarm, and eventually a lone guard is going to show up. Physical security is pretty limited, and just about the only thing hard to get at is servers.

Employee theft and embezzlement and corruption and IT security, that's where the focus is.

Defence contractors, high end research facilities, stuff like that is a different ball game of course.

All depends on where you are.

If you're in a Stuffer Shack, the "Security" is a few 'Trid cameras and a PANICBUTTON!.

If you're in an MCT Installation, then security is... Um... Well... No one knows. No one has come back from that particular facility. We found an arm once...