Full Version: 3 layers that will make matrix nodes "secure"
hobgoblin
i was reading a sidebar in unwired, and it dawned on me that a subscribers list can be used in multiple ways.

first as a way to say who you want to talk to, second a list of who you do not want to talk to.

the latter was mentioned as a way to keep agent hordes out.

anyways, on to my little brain dump.

note btw, that this will not make a node immune, but it will make it more trouble than it's usually worth for any but the most dedicated.

1. hidden mode. Basically, the node is not listed anywhere, it does not route traffic, and is generally a black hole in the matrix.

2. encryption. Sure, encryption is not the silver bullet it is in real life, but it helps. Especially when it's used as a VPN.

3. subscription list. Unless the node is a customer PR node, it should have a very limited list of other nodes it's willing to talk to. Not on that list, you're not getting in, end of story. One thing to note on this step is that unlike a basic traffic sniff on the real internet, you're not given both ends of a connection in SR. Instead, you will have to hack the known node to start a trace for the other end (or did i just dream that? could be it's a SR3 or older thing, hrmf).

end result is that anyone wanting to break into the node will have to first find it, then decrypt access, and finally know the access id of another node it wants to talk to.

at that point, most script kiddies will be off spoofing some vending machine for kicks.
Saint Sithney
Another good option, like in real life, is to not use an admin account except to set initial permissions. There are all sorts of ways a hacker can jam you up with admin access, but if you limit your own permissions to only the type of things you would want to do in the first place, then spoofed commands lose a bit of their bite. They won't be able to slave your devices to their coms, mess with your safe targeting systems or any number of other dirty tricks a guy can pull by spoofing commands from a sniffed out admin account.
Tymeaus Jalynsfein
QUOTE (hobgoblin @ Mar 22 2010, 11:02 PM) *
i was reading a sidebar in unwired, and it dawned on me that a subscribers list can be used in multiple ways.

first as a way to say who you want to talk to, second a list of who you do not want to talk to.

the latter was mentioned as a way to keep agent hordes out.

anyways, on to my little brain dump.

note btw, that this will not make a node immune, but it will make it more trouble than it's usually worth for any but the most dedicated.

1. hidden mode. Basically, the node is not listed anywhere, it does not route traffic, and is generally a black hole in the matrix.

2. encryption. Sure, encryption is not the silver bullet it is in real life, but it helps. Especially when it's used as a VPN.

3. subscription list. Unless the node is a customer PR node, it should have a very limited list of other nodes it's willing to talk to. Not on that list, you're not getting in, end of story. One thing to note on this step is that unlike a basic traffic sniff on the real internet, you're not given both ends of a connection in SR. Instead, you will have to hack the known node to start a trace for the other end (or did i just dream that? could be it's a SR3 or older thing, hrmf).

end result is that anyone wanting to break into the node will have to first find it, then decrypt access, and finally know the access id of another node it wants to talk to.

at that point, most script kiddies will be off spoofing some vending machine for kicks.



Except that Exploits get around such measures (the Subscription List thingy) pretty well... that is why it is an Exploit...

Keep the Faith
Dixie Flatline
Yeah, I've pretty much given up on the concept of defense in the Matrix for Shadowrun short of the highest end agents, hardware, and software, as well as a talented (highly talented) spider running overwatch on your system.

The idea that a system administrator (spider) could be sitting in front of his server, someone breaks in, and he can't just shut down the offending user and disconnect the bastard offends me on a conceptual level. That he has to go in and essentially "hack" the opponent is silly. He isn't good enough, he gets dumped, and now suddenly he can't touch the hacker in his system without turning off the entire node.

I also hate the idea that encryption can be hacked in only a few seconds in certain circumstances. I don't see how an online economy could exist or function in a world where data was so vulnerable. The idea that one single set of calculations which can solve immensely complex problems in relatively short time also would have real-world implications in science, mathematics, and economics that would literally change everything. It'd be the universal solvent of mathematical systems.

We hear in fluff about how lethal and protective and uber-secure high end systems are, but you read the stats and really, it's not that way. Someone with a few thousand nuyen comlink can feasibly hack a military grade system, on the fly, with a significant expectation of success. There was a thread in here about how you could run a rating 12 program on a rating 6 system comlink. Anything above 6 is supposed to be bleeding edge state of the art.

The hacking system is broken, and with AR/VR being so integral to ALL characters in 4th, it's impossible to simply kludge the matrix with NPCs like you could in previous editions.

It's an arms race that is permanently skewed in the favor of the aggressor.
Tymeaus Jalynsfein
QUOTE (Dixie Flatline @ Mar 23 2010, 07:27 PM) *
Yeah, I've pretty much given up on the concept of defense in the Matrix for Shadowrun short of the highest end agents, hardware, and software, as well as a talented (highly talented) spider running overwatch on your system.

The idea that a system administrator (spider) could be sitting in front of his server, someone breaks in, and he can't just shut down the offending user and disconnect the bastard offends me on a conceptual level. That he has to go in and essentially "hack" the opponent is silly. He isn't good enough, he gets dumped, and now suddenly he can't touch the hacker in his system without turning off the entire node.

I also hate the idea that encryption can be hacked in only a few seconds in certain circumstances. I don't see how an online economy could exist or function in a world where data was so vulnerable. The idea that one single set of calculations which can solve immensely complex problems in relatively short time also would have real-world implications in science, mathematics, and economics that would literally change everything. It'd be the universal solvent of mathematical systems.

We hear in fluff about how lethal and protective and uber-secure high end systems are, but you read the stats and really, it's not that way. Someone with a few thousand nuyen comlink can feasibly hack a military grade system, on the fly, with a significant expectation of success. There was a thread in here about how you could run a rating 12 program on a rating 6 system comlink. Anything above 6 is supposed to be bleeding edge state of the art.

The hacking system is broken, and with AR/VR being so integral to ALL characters in 4th, it's impossible to simply kludge the matrix with NPCs like you could in previous editions.

It's an arms race that is permanently skewed in the favor of the aggressor.


I do not actually agree with you here, though...

Many of the "rules" in place for the Matrix are there for playability, not reality. If you were to put into place the actual systems for security, you would never be able to play a Hacker/Rigger. Instead, they have provided a framework so that you can secure a system and still have playable hackers.

It really is not that hard to secure a system in the current rules. And ironically, the best way to do so is to do it in layers. Tracking Programs, IC, Agents, Encryption, Data Bombs, Worms and various other things can all be used to place a roadblock to the Hacker in his attempt to dominate a system... Clever use of Layered Nodes, Passkeys, Chokepoints, Verification Systems and such, can extend this out even more. Hell, you can even move permissions from User and Security Access to Admin Access Only if you really wanted, or even move off-node those files that keep track of such things (like your event log) so that it is even more time lost to the Hacker trying to cover his tracks. You can even make a file non-editable (no one has the permissions to change/Delete the file) to stymie those pesky hackers completely in trying to cover their tracks.

A Spider observing his system that detects an intruder CAN just shut out the offending user... if the Attacker is using a legitimate account when he is detected, he can be automatically logged off with no roll whatsoever... if he is using an Exploit, the system can try to oust him automatically once every Turn (contested roll)... this is in addition to having the attacker swarmed with IC or other Agents, attacked by Spiders, and even tracked to his location with 4 or 5 turns at most (that is a whopping 15-20 seconds)...

As for the Uber and High-end Secure systems... many of them are not accessible from the Matrix... which is a form of security in its own right... if you have to physically penetrate a system, it increases the risk, sometimes exponentially. And yes, a hacker can run a rating 12 program on a rating 6 comlink... but first, the hacker has to have access to such a program (even if he can program it himself, it is going to take a great deal of time to do so)... and the GM is perfectly within his right to limit such endeavors to programming facilities in the larger Corporations if that is what he wants to do. On the other hand, that sounds like something that Fastjack could probably do, and as such, maybe a character that has been in the shadows a while deserves such a program... as long as he is not running with a whole slew of programs at such ratings, it is not that big of a deal... After all, a Technomancer can thread to ungodly ratings to perform his shenanigans...

As well... when systems start to accumulate large numbers of programs and personas, it starts to suffer degradation, eventually the system may be forced to re-boot just to clear the electronic log-jam.

You are correct that it is an Arms Race... but I do not agree that it is skewed in the Hacker's Favor... The typical Hacker will never have the resources of a Megacorp. As such, his equipment will generally be inferior to the task in a lot of instances. If your Hacker is running roughshod over your computer systems, maybe you should take a look at your systems.

There are a lot of rules (and optional rules) that can make hacking very difficult to nigh impossible. A Good example, that everyone continues to complain about, is Encryption. You can implement Dynamic Encryption... this alone can cause enough hassles for a Hacker that he may try to defeat this type of system by obtaining an actual encryption key through Social Networking or outright thuggery. Combine it with Strong Encryption, and you now have a system that will probably never be breached by the Typical Hacker running Rating 6 Programs. That is just a single example...

I like the Hacking Rules in play currently. They are a huge improvement over what has come before. Yes, they are not entirely realistic, but that is an inherent design choice. This choice makes playing a Hacker feasible. Implementing Real-World paradigms would effectively kill the Hacker (and Rigger) archetypes pretty effectively... I don't know about you, But I enjoy playing a Hacker a lot...

Just Sayin'

Keep the Faith
DMiller
I'm afraid I agree with Tymeaus. The RAW have their flaws, but it is still much better than earlier editions. We have had our problems with Matrix and data security. But after a lot of reading and discussions it's working pretty well for our group. Though we do see quite a few non-matrix linked nodes in our games.
hobgoblin
i guess what one needs to do is consider matrix security like physical security.

if you put your R&D lab downtown with just a rent-a-cop at the door, the runners will be walking in and out all the time.

but put it in a remote location, possibly removed from maps somehow, with a first check point some distance out from the main complex, and out of view of the main complex, with patrolling guards, spirits and para-animals in a zone beyond that. then the inside also has zones of access. Basically it's become a fort. Even if the runners get in, one could lock the place down, and basically wait for them to try and leave.

so, matrix security on same.

remote location, not on the maps: hidden mode and encrypted traffic.

distanced checkpoint: chokepoint node(s).

patrols: agents, spiders.

one thought i had after writing the initial post was this:

have a collection of nodes outside send encrypted data towards the target node. These are nodes whose accessid the target node knows, and will only respond to with canned traffic that will get it nowhere. But the attacking hacker will not know that. So if he is looking for an accessid to spoof, he may well pick up one of these, that are in essence useless.

basically, no security is foolproof, the concept is more of making it bothersome to get in for all but the most dedicated and patient. The rabble will then move on to easier targets.

still, these security measures may well make the game slow down when a hacker wants to penetrate. But then that's why you allow a back door. A physical break-in and a jack point of some sort inside.

oh and btw, SR4 allows the hacker to be simply booted when spotted. But with spoof, he can basically change accessid and come right back.

the only sad thing about SR4 rules are that at this time, there is no real way to trash an attacker's hardware or software.
hobgoblin
oh and btw, the new faq update mentions one time pads still being around, but being cumbersome for general use.

my guess there is that the major economic institutions could be using mutually exchanged one time pads to handle traffic between their back end systems.

heck, i get the mental image of a courier with suit and sunglasses either carrying a case locked to his wrist, or maybe even a cranial storage implant and a bomb of some sort in case of someone attempting to force access.

so, general trading happens over normal channels, but at end of trading day, the various entities involved crack open the one time pads and go over the logged exchanges one more time for verification.

money transfers of various kinds have worked before the net came into existence, so i can't see it all coming to a screeching halt in SR.
MadDogMike
QUOTE (hobgoblin @ Mar 24 2010, 02:04 AM) *
oh and btw, the new faq update mentions one time pads still being around, but being cumbersome for general use.

my guess there is that the major economic institutions could be using mutually exchanged one time pads to handle traffic between their back end systems.

heck, i get the mental image of a courier with suit and sunglasses either carrying a case locked to his wrist, or maybe even a cranial storage implant and a bomb of some sort in case of someone attempting to force access.


And cue awesome run idea. Heck, having runners deliver a one-time pad isn't a major security breach if you can rig things to add a step where you confirm it was delivered to the target via contact with said target (i.e. call 'em up, ask "Did you get that thing I sent you?" and only send via one-time if you get confirmation); if the runners or someone else steal the pad, it's useless because you know not to use it. Won't work under all scenarios, but makes a good excuse for runners to be messing with it. Though on the other end of things, messing up delivery of a one-time pad could be a useful method to slow a particular business transaction down you want stalled.

Part of the other reason behind weakened Matrix security is the balance between actual usability and security. According to Unwired if memory serves most researchers/executives want to be able to run wireless within their areas, which is why you tend to get wireless hacking possible once you get past an external wireless block. Then of course there's the obvious issues of having hyper security tag normal users; nothing like black IC wasting a company VP or something to get a security hacker fired (on a rocket, into space...). Considering how computer malfunction and user error as-is, going nuts on security is more likely to hamper normal users than intruders, who should be rare anyway. It seems based on the discussion of millisecond buyouts and the like that business online needs to move fast, and lots of effective security is going to slow you down too much. Besides, let's face it, how many corporations today do you think have major security issues in their IT stuff? Or hell, how many governments? Why should a semi-dystopic future be any better about it? Feels like the major way Matrix security works in SR isn't throwing up a perfect barrier to intruders (which you can't do very easily) but throwing up enough barriers to make it take long enough/they have enough chances to screw up so they can be spotted by the firewall/security hacker. Which might explain why technomancers who can thread Stealth past 10 get such terror from Matrix security, come to think of it; this approach is less likely to work.

If you really want an excuse to deny hacking something, I expect all the defensive programs past 6 that we never see in game are on things like the NSA's computers and the like. Doesn't matter how uber you are, minus some human engineering you're probably not cracking an Analyze 12/Firewall 12 on something like a nuclear missile or the like even with the highest end normally available Rating 6 programs and gear. As for why it's not everywhere, I presume the resources needed to keep such thing SOTA are expensive enough that it's not worth it barring a truly serious threat. Spreading even a single uber-program around to everything you own is also a way for someone to see it and figure out how to break it (or worse, figure out how your security thinking is going based on the design and be prepared to hack the next generation of programs as well). Better to keep it as the last line of defense on something kept ridiculously physically secure already.
Tymeaus Jalynsfein
QUOTE (MadDogMike @ Mar 24 2010, 10:37 AM) *
And cue awesome run idea. Heck, having runners deliver a one-time pad isn't a major security breach if you can rig things to add a step where you confirm it was delivered to the target via contact with said target (i.e. call 'em up, ask "Did you get that thing I sent you?" and only send via one-time if you get confirmation); if the runners or someone else steal the pad, it's useless because you know not to use it. Won't work under all scenarios, but makes a good excuse for runners to be messing with it. Though on the other end of things, messing up delivery of a one-time pad could be a useful method to slow a particular business transaction down you want stalled.

Part of the other reason behind weakened Matrix security is the balance between actual usability and security. According to Unwired if memory serves most researchers/executives want to be able to run wireless within their areas, which is why you tend to get wireless hacking possible once you get past an external wireless block. Then of course there's the obvious issues of having hyper security tag normal users; nothing like black IC wasting a company VP or something to get a security hacker fired (on a rocket, into space...). Considering how computer malfunction and user error as-is, going nuts on security is more likely to hamper normal users than intruders, who should be rare anyway. It seems based on the discussion of millisecond buyouts and the like that business online needs to move fast, and lots of effective security is going to slow you down too much. Besides, let's face it, how many corporations today do you think have major security issues in their IT stuff? Or hell, how many governments? Why should a semi-dystopic future be any better about it? Feels like the major way Matrix security works in SR isn't throwing up a perfect barrier to intruders (which you can't do very easily) but throwing up enough barriers to make it take long enough/they have enough chances to screw up so they can be spotted by the firewall/security hacker. Which might explain why technomancers who can thread Stealth past 10 get such terror from Matrix security, come to think of it; this approach is less likely to work.

If you really want an excuse to deny hacking something, I expect all the defensive programs past 6 that we never see in game are on things like the NSA's computers and the like. Doesn't matter how uber you are, minus some human engineering you're probably not cracking an Analyze 12/Firewall 12 on something like a nuclear missile or the like even with the highest end normally available Rating 6 programs and gear. As for why it's not everywhere, I presume the resources needed to keep such thing SOTA are expensive enough that it's not worth it barring a truly serious threat. Spreading even a single uber-program around to everything you own is also a way for someone to see it and figure out how to break it (or worse, figure out how your security thinking is going based on the design and be prepared to hack the next generation of programs as well). Better to keep it as the last line of defense on something kept ridiculously physically secure already.



Excellent Points MadDogMike...

Keep the Faith...
kjones
MadDog, I agree with you in theory for the most part. However, let's look at the specific example of some godlike node with Analyze 12 and Firewall 12.

My hot-simmed hacker with Hacking 6 and Exploit 6 will break through that firewall in 3 rolls, on average. Sure, he'll probably set off an alarm when he does so, but it still took him all of 3 seconds (3 IPs) to break through what should theoretically be a godly firewall.

This is why you don't set up your security this way, of course - layers are the key, as previously noted. Two chained nodes, each with Firewall 6, will be harder to hack (assuming you have to go through the first one) than one node with Firewall 12, especially if you load up the first one with IC. My point is that having high Firewall just doesn't cut it. 3 seconds!
hobgoblin
but then 6+6 is the best gear available on the street. And hotsim is an illegal mod. This is a guy that shows up with a backpack of tricks to break into fort knox, not some kid climbing a fence for kicks.
tagz
I think also for good security you have to sometimes think outside the box. A lot can be done with the present tools, even at low ratings to mess with a strong hacker.

For instance:
I have a node for a research lab, it's their archive of information. It has fairly standard corp security. But the truly valuable research data is on a hidden node within that node. THAT node is only active for 1 minute a day and only allows data transfers to and from it by authorized users, is hidden, encrypted, and data-bombed, and the Spider actively oversees it and the transfers during that 1 minute. The parent node also goes on general alert, so IC and agent behavior may change during that minute.

Now, 1 min is a lot of IP on the matrix, but that's also the same amount of IPs to dedicated searching for anomalies/intruders. And a set number of turns/IPs is created. Obviously you could adjust this as you saw fit to your own game.

This could create a whole slew of problems for the hacker, while not making it impossible or using extremely high program ratings. They have a window of operation they must work in. Can they break the encryption in a short period of time? Is it dynamically encrypted or can the attempt of a previous day that succeeded still work? How do they learn when the node will be active? Do they remember to check for a data-bomb when they are working under the clock? Can their stealth handle dedicated searches? How did they learn that the real paydata is on this hidden node in the first place, or for that matter how it operates?

This is extremely implementable by a corp, and cheap too. You could even hire extra spiders that only exist on the payroll for the half hour before and after the node goes online.

Anyhow, my point is matrix programs and such are tools. So the PC has a sledgehammer and the spider has a framing hammer. Make a situation that requires a screwdriver. Or make a situation that requires a hammer but doesn't give the room to swing a sledge. There are lots of options at your disposal.
Tymeaus Jalynsfein
QUOTE (kjones @ Mar 24 2010, 11:42 AM) *
MadDog, I agree with you in theory for the most part. However, let's look at the specific example of some godlike node with Analyze 12 and Firewall 12.

My hot-simmed hacker with Hacking 6 and Exploit 6 will break through that firewall in 3 rolls, on average. Sure, he'll probably set off an alarm when he does so, but it still took him all of 3 seconds (3 IPs) to break through what should theoretically be a godly firewall.

This is why you don't set up your security this way, of course - layers are the key, as previously noted. Two chained nodes, each with Firewall 6, will be harder to hack (assuming you have to go through the first one) than one node with Firewall 12, especially if you load up the first one with IC. My point is that having high Firewall just doesn't cut it. 3 seconds!


A top of the Line system as described will probably have several things going for it; at least this is how I would set up its initial gateway...

NOW...your example of your Hacker is using 14 Dice? 6 Program, 6 Skill and +2 to Hot VR? Average rolls = 4 Successes per pass to gain entry... with USER access Rights... The System gains 6 Hits to detect you (Your Stealth is a 6 right?) at which point your target went from 12 to 16, lengthening your hack to gain entry to 4 passes, and the system has already been alerted to your presence... not a good way to gain access to a system; hell IC/Spiders present in the Node do not even have to roll to detect your Access ID (Stealth right?) because you have been flagged by the Firewall...

Anyways, you have several issues that have to be accomplished before you make any Hacking Attempts......

First the Decryption (What, you thought that the node was not decrypted?)... If this system is using Dynamic Encryption, you will have to contend with a threshold that is ridiculously high (on average, you will have a Gateway Node on a Rating 12 System with a Dynamic Encryption Algorithm that takes 18-20 hits to successfully decrypt... If that system is using Strong Encryption as well, your Interval can be anywhere from 1 Minute to 1 Day... Good luck decrypting that system before you begin to starve (Remember, if at any point you halt your decryption Attempt, you have failed and must start all over again... with a top of the line hacker, you are looking at about 14 Dice or so to decrypt that system... Average Hits at 3, you are looking at from 4-7 DAYS to crack that code...

At that point the Rating 12 Data Bomb (Pavlov Option) that is keyed to the Gateway port is going to need some attention. IF the hacker finds said program, he will try to defuse it (The System will have 24 dice (Rating x2) vs the Hacker's Defuse Test (Hacking + Defuse of Maximum of 12 Dice, 14 if applicable Specialty)... I am putting my money on the Data Bomb at that point... Now, either failing to perceive the data bomb or failure to defuse it will cause 12x1d6 Damage to the Hacker... Even a minimal roll will probably flatline the intruder... That is your First line of defense.

IF you have successfully made it this far, NOW you may make that attempt to Hack the System... It will take some time, and he will set off an alert in the process, all things being average...

Once the hacker accesses the system, he is undergoing a possible terminate connection action, and in keeping with the example provided for a Top of the Line System (One more than capable of running a UV Environment), this would be a Firewall (12, plus the Firewall Bonus for an Active Alert of +4: for 16) + System (12) opposed test against the Hacker's Hacking (6) + Exploit (6) test... who do you think is going to win this one... it is my belief that there are hacks against systems going on all the time, the optimal initial response is for the node to have "Terminate Connection" as its ARC response as its second line of defense. This will generally log off the Hacker in question and allow the system to resume doing whatever it does... This is your Second line of defense...

Third line of Defense... Have an Agent/IC Immediately query an Icon when its Access ID is noticed, and every time it performs a function that is questionable... once detected, either an alert is triggered (with the same test as previous for Terminate Connection), or a Spider is notified to investigate further, at which point he may either Track the User, Launch IC on the User, or monitor the User...

From there, your Node Topography will determine exactly how things will progress...

You do not just casually hack a rating 12 System... it is often very, very deadly... so your three to four second hacking attempt (I Say this loosely, as it was not really all that much of an attempt at that point) results in a possibly brain dead hacker...

Note: This same Topography Scheme works just as well on a Rating 6 System... though at that point, your Hacker is on more even footing and has an actual chance to survive the initial moments of the Hack...

Thanks for Hacking...

Keep the Faith
Saint Sithney
Further security ideas for buggering the hacker.
1) The daisy chain. It's cheaper than good ICe to just have all data flowing through a physically linked portal chain. Each node is subscribed only to the previous and next and is linked by fiber. An extra 2000¥ or so means that the hacker needs to plow through 10 consecutive firewalls.
2) Onion nodes. Any device can run a potentially unlimited number of virtual nodes. Daisy chain like before, but less devices means less physical bulk, easier to hide and all that. Reason states that each virtual node would need to be running an OS concurrently, so response would be limited, but firewalls aren't limited by response.

Combine both for a gateway system which can slow and challenge a hacker without getting too esoteric.
Tymeaus Jalynsfein
QUOTE (Saint Sithney @ Mar 26 2010, 03:57 AM) *
Further security ideas for buggering the hacker.
1) The daisy chain. It's cheaper than good ICe to just have all data flowing through a physically linked portal chain. Each node is subscribed only to the previous and next and is linked by fiber. An extra 2000¥ or so means that the hacker needs to plow through 10 consecutive firewalls.
2) Onion nodes. Any device can run a potentially unlimited number of virtual nodes. Daisy chain like before, but less devices means less physical bulk, easier to hide and all that. Reason states that each virtual node would need to be running an OS concurrently, so response would be limited, but firewalls aren't limited by response.

Combine both for a gateway system which can slow and challenge a hacker without getting too esoteric.



Also very good ideas...

Keep the Faith
Heath Robinson
QUOTE (Saint Sithney @ Mar 26 2010, 10:57 AM) *
Further security ideas for buggering the hacker.
1) The daisy chain. It's cheaper than good ICe to just have all data flowing through a physically linked portal chain. Each node is subscribed only to the previous and next and is linked by fiber. An extra 2000¥ or so means that the hacker needs to plow through 10 consecutive firewalls.
2) Onion nodes. Any device can run a potentially unlimited number of virtual nodes. Daisy chain like before, but less devices means less physical bulk, easier to hide and all that. Reason states that each virtual node would need to be running an OS concurrently, so response would be limited, but firewalls aren't limited by response.

Combine both for a gateway system which can slow and challenge a hacker without getting too esoteric.

The first fails if the node at the end of the chain ever phones out. The idea of a daisy chain, whilst described in Unwired, has absolutely zero rules support. At best, you've got a Signalless Hidden node proxying through a chain of other nodes (taking the Response penalty for each). Even then, if anybody needs access there's going to be a way to find it, eventually.

If you don't have its AID, you can't connect to it. You can only get its AID by searching for it using the Detect Hidden Node action, which requires you be in mutual Signal range, which a wired-only node does not have.
The Jake
If I were going to pull off a righteous hack (and maybe this is something of my RL knowledge coming to the fore) I would use an agent to scour the Matrix for known employees of a given organisation that work for said "UltraSecure"tm host.

I would then datamine for their hobbies, likes, dislikes, professional interests, sporting associations, professional groups, resume, etc, etc. -- anything and everything I can find to get a way inside.
I'd then manufacture my own malware, designed to mess with their commlink.
Finally, I'd find a way to introduce myself to the target, using social engineering, get all close and friendly - focus on infecting their commlink and anything else they're carrying with my malware.

Get your access codes and what not - or failing that, at least map the internal network and interior security of "UltraSecure"tm host - and off you go!

VOILA! Classic spearphishing attack. Proven in the field to have a high success rate.

- J.

Tymeaus Jalynsfein
QUOTE (Heath Robinson @ Mar 27 2010, 05:59 AM) *
The first fails if the node at the end of the chain ever phones out. The idea of a daisy chain, whilst described in Unwired, has absolutely zero rules support. At best, you've got a Signalless Hidden node proxying through a chain of other nodes (taking the Response penalty for each). Even then, if anybody needs access there's going to be a way to find it, eventually.

If you don't have its AID, you can't connect to it. You can only get its AID by searching for it using the Detect Hidden Node action, which requires you be in mutual Signal range, which a wired-only node does not have.


I see it a bit differently than you do apparently... I see an intertwined mix of nodes... they are not Proxy nodes but hardwired access points that you must get through before accessing a specific node... it is good system design to layer your nodes and access points. otherwise it gets real boring (for the hacker at least) if the systems are all set up the same way... think of the System architecture as a whole, not as Proxies that must be gone through.

As for connecting to a wholly hardwired system, you are correct, it has no node to scan for at all, as it has no signal rating. but that is okay... assuming that the system IS on the Matrix, one of its nodes will probably have a wireless access gateway... this is what you would be scanning for. Now, if the system is not on the Matrix, then you would have to find a physical jackpoint and use that to access the system... However, the Physical nodes that are connected together are NOT proxying their connections (that would be a ludicrous design in almost every case, because it would degrade the system resources), they are just linked together in a logical manner to allow differing styles of architecture... Daisy Chains are not Proxy Servers in my opinion, at least by default.

Keep the Faith
The Jake
Strictly speaking, if they're treated as separate nodes, they can be.

Otherwise they're a cluster.

- J.
Tymeaus Jalynsfein
QUOTE (The Jake @ Mar 27 2010, 08:11 AM) *
Strictly speaking, if they're treated as separate nodes, they can be.

Otherwise they're a cluster.

- J.


They could be clusters, but then they lose the architecture of a Distributed Network, which is what we were talking about... I work on a distributed network that has many thousands of independent connections, and I am pretty sure that I do not have system degradation based upon all of those "nodes" out there... and I can go from node to node with little problem, except for possible Permissions issues... This is not a Cluster or Supercluster, it is distributed... much the same as we were discussing... and going from node to node would require hacking unless you otherwise had access...

This is how I see setting up a "System" in Shadowrun... Many, Many Nodes all interconnected with each node possibly performing a different function within the system...

But your point is well taken... You COULD set it up as a Cluster if you indeed wanted to do so... and you COULD even set it up as a Daisy Chain of Linked Nodes... I see it as more of an Onion though...

Keep the Faith
The Jake
QUOTE (Tymeaus Jalynsfein @ Mar 27 2010, 02:21 PM) *
They could be clusters, but then they lose the architecture of a Distributed Network, which is what we were talking about... I work on a distributed network that has many thousands of independent connections, and I am pretty sure that I do not have system degradation based upon all of those "nodes" out there... and I can go from node to node with little problem, except for possible Permissions issues... This is not a Cluster or Supercluster, it is distributed... much the same as we were discussing... and going from node to node would require hacking unless you otherwise had access...

This is how I see setting up a "System" in Shadowrun... Many, Many Nodes all interconnected with each node possibly performing a different function within the system...

But your point is well taken... You COULD set it up as a Cluster if you indeed wanted to do so... and you COULD even set it up as a Daisy Chain of Linked Nodes... I see it as more of an Onion though...

Keep the Faith


You're confusing IRL know-how with in-game now. This is where the Matrix rules break down (and not a mistake you make normally!).

- J.
Tymeaus Jalynsfein
QUOTE (The Jake @ Mar 27 2010, 07:29 AM) *
You're confusing IRL know-how with in-game now. This is where the Matrix rules break down (and not a mistake you make normally!).

- J.



No, It was just an example of what might be a typical layout for a node in Shadowrun, though it was based upon personal experience, yes...

A "System" is an interconnected group of Nodes... It may be a single node, or a thousand nodes, it does not really matter... They may be Clustered (though this could be inefficient with High Powered Standard Nodes or Nexi, as they create a single "Supernode" and this may not be what you want, it is more secure), they may be Slaved (Not all nodes on a system will be slaved, but you may have groups of slaved Nodes connected to other slaved nodes, and on, and on... this is another "Advanced" node configuration and provides greater security for the subnetwork so configured), or they may be just independent nodes linked together in a Large System Architecture (May not be the most efficient, but still viable, as each node may have multiple connections to other independent nodes... This is the standard Network Configuration)...

Sub-Nodes (and by extension Peripheral Nodes) can bring in a multitude of additional issues, because a Sub-Node can be almost anything with a connection to the parent Node... some of them can be wired and others will be wireless, and the node configuration that you use will determine how secure they will be...

Some of the tips and tricks used to establish a more secure "System" include such things as Chokepoints, Layered Defenses and Passkey Access... Limiting account privileges and protecting the access log are also good practices to implement in the design of the Architecture... Nowhere in the rules can I find that layering your system induces Reduction in System Resources... The Layered Defense Option is not the same as using a Proxy Server to hide your activities, And a Daisy Chain of Nodes (Chokepoints and Authentication Nodes) are not the same as a Proxy Server either... According to the Book (Page 104, Unwired), Nodes may be configured to act as a Proxy Server, but they do not have to be. Now, If I was to use a Proxy Node, I would design my System as a whole, then I would route a Hardwire to a different Location (why go wireless when you can go Hardwire) and then set up a node with the Proxy Configuration to actually interface with the Matrix... a Single Proxy is useful in that it can provide a level of protection to your core network... Hackers can use Anonymous Proxy Servers to hinder any tracking attempts... a good idea for personal safety in my opinion.

So, in the end, a Proxy Server is a node configured to perform that function... if A Daisy Chain of Nodes (not set as Proxies) were put in place to constrict and harass the Hacker (having to hack through 5 Separate nodes to get to something that can actually provide other information/access is tedious and many hackers will stop before they actually penetrate anything of value), and it is fairly inexpensive (System Architecture wise), why would you not do so... load each node with IC and Authentication, and the Hacker will probably be detected fairly quickly... and he has not even penetrated anything that is truly sensitive at that point... I know that I am going to implement such strategies if I was a Corporation in Shadowrun... A moderate Outlay of say 20,000 nuyen to negate the potential losses of Millions or more... You Betcha...

Keep the Faith
Heath Robinson
QUOTE (Tymeaus Jalynsfein @ Mar 27 2010, 02:05 PM) *
I see it a bit differently than you do apparently... I see an intertwined mix of nodes... they are not Proxy nodes but hardwired access points that you must get through before accessing a specific node... it is good system design to layer your nodes and access points. otherwise it gets real boring (for the hacker at least) if the systems are all set up the same way... think of the System architecture as a whole, not as Proxies that must be gone through.

As for connecting to a wholly hardwired system, you are correct, it has no node to scan for at all, as it has no signal rating. but that is okay... assuming that the system IS on the Matrix, one of its nodes will probably have a wireless access gateway... this is what you would be scanning for. Now, if the system is not on the Matrix, then you would have to find a physical jackpoint and use that to access the system... However, the Physical nodes that are connected together are NOT proxying their connections (that would be a ludicrous design in almost every case, because it would degrade the system resources), they are just linked together in a logical manner to allow differing styles of architecture... Daisy Chains are not Proxy Servers in my opinion, at least by default.


You misunderstand. There are no rules to support the daisy chain setup. None. If there are, you could quote me some. I mean that - quote me the rules proving me wrong, with page references. The assertions in Tips and Tricks (or whatever the title of that chapter is) of Unwired are not rules. Your description of a daisy chain is a houserule so far as I can tell.

It is bad game design to force players to roll more dice for no reason. If you can tell another player what your actions would be sufficiently ahead of time that you can go play another game entirely, the prospects for that game fucking suck. Repetition is for robots. Daisy chains suck balls and are boring because they mandate additional rolls for no general benefit.


QUOTE (Page 230 @ BBB)
You may instead make a general search for Hidden nodes that are within mutual Signal range.


A wired-only node that is in Hidden mode cannot be detected using this method. Since you should never see the server running any important Corporate node without a whole fucking Shadowrun, this is the only way you would be able to search for the Hidden node unless you use Trace on one of its subscriptions, the logs of another node it has visited, or on its icon in another node.
KnightIII
Daisy chain as I understand it:

Target node-->Secure Node C--->Secure node B--->Secure node A--->Access node--X

The target node and the secure nodes have 0 signal and are wired to each other in a direct chain with A being connected to a 5th node that has wireless access to some degree. Even a rating 6 system is good enough for this as it could theoretically connect to 12 such systems without any problem. For an authorized user it would be no more annoying than my bank:
Access Node: Enter User name
A node: Enter password
B node: What is your mother's maiden name?
C node: is this your watermark? (checks a passkey module connected to authorized comm)
Target: access granted. Surely you know the encryption code for the file you wish to access

For a hacker it's a little more challenging.
Access node: Spoof an acceptable ID or hack the firewall
A node: passcode or hack again
B node: passcode or hack again
C node: passkey spoof or hack once more
Target: Begin decryption process.
Now you have your matrix icon strung out along 5 nodes, for optimum security each node should be running an IC scanning users say... every turn.

All pretty basic with just rules from the core book. Unwired could make it even more challenging.
kjones
I'm not really sure what you're saying. Are you trying to argue that it's not RAW to have nodes connected to each other in such a way that you have to connect to one in order to get to the other? What, exactly, is a "daisy chain", and why do you have a problem with it?
Saint Sithney
A daisy chain is a series of electronic devices where every single device is needed in order for any to operate. Basically it is what's called a series. A->B->C->D Cut out any one and the system fails.

As to how to make a daisy chain in SR, all you have to do is use accounts. Start with the Outer Gate node which can accept any Access ID. This is your point A. Next is the first chain node, B. It will only accept two Access IDs for anything, namely the IDs of A and C, and it has no signal rating because it is completely wireless. This means that no communication can officially pass through B unless it comes from either A or C. This allows commands and communications to pass through the node, from one to another, but never users. It is basically a wall in the Matrix separating one isolated node or cluster of nodes from the rest of the Matrix/network. So, anyone without physical access to the protected node/cluster can not get through without either knowing exactly which access ID to spoof, which can't be sniffed without a data trail, or through repeated exploits.
Triggvi
Everyone seems to forget no matter how buff the program. The program rating is limited to system and response. rating 12 programs have a huge problem to overcome before you can even use them.
Cheops
I find it intensely amusing that all the people defending the SR4 rules for the matrix are doing so by using the very same tricks and tactics that people complained about in previous editions of SR and that SR4 was supposed to have done away with. Matrix Dungeons for everyone!
Heath Robinson
kjones:
QUOTE (kjones @ Mar 28 2010, 07:30 AM) *
I'm not really sure what you're saying. Are you trying to argue that it's not RAW to have nodes connected to each other in such a way that you have to connect to one in order to get to the other? What, exactly, is a "daisy chain", and why do you have a problem with it?

I'm arguing that RAW has no rules that support the setup. There are no limits imposed to what nodes you can perform a Log On action for ('cept the obvious case where you don't know that the node exists).

QUOTE (Page 231 @ BBB)
LOG ON
You open a subscription to a node, and your icon appears there. This requires no test, but does require either the proper authentication to an account (such as a passcode) or a hacked account. You also need a connection to the node’s device, either with a wired connection or a wireless connection (by being within mutual Signal range or establishing a route across multiple devices).


The rules state absolutely no limitations. If you know of a node (and I mean know, not "describe some general characteristics") then you can perform a Log On action, and enter the node. Any node, regardless of its topographical surroundings. There are exceptions stated in various places, like the Encryption rules, and the Slaving rules, but so far as I can tell, there are no rules that allow you to make Daisy Chains (that work) save the use of Anonymising Proxies.

As for the accusation that I have a problem with Daisy Chain? Well, yes, I do have a problem with it. I stated what my problem with it was in the post prior to this one. To reiterate: Rolling extra dice for no reason is boring, and makes the game bad. Daisy Chains mean extra dice rolling for no reason. Therefore, Daisy Chains suck monkey balls.

Normally, however, the belief that your opponent has a personal problem with something they argue against is a pointless line of argument. If you want me to accept some kind of comment on my motivations for doing what I do, you must still demonstrate that I am wrong. Otherwise I will reject your psychological introspections as a bunch of pointless fluff intended to cover for the fact that you have nothing to contribute.


KnightIII:
QUOTE (KnightIII @ Mar 28 2010, 07:24 AM) *
All pretty basic with just rules from the core book. Unwired could make it even more challenging.

Quote them, please. I must be blind, because I can't find them.


Triggvi:
QUOTE (Triggvi @ Mar 28 2010, 01:08 PM) *
Everyone seems to forget no matter how buff the program. The program rating is limited to system and response. rating 12 programs have a huge problem to overcome before you can even use them.


QUOTE (Page 115 @ Unwired)
Optimization (Rating)
Program Types: Common, Hacking, Autosoft, Simsense

Under normal circumstances, a node’s System rating limits the rating on any software run on that node (see System, p. 213, SR4). A program with the Optimization option is more effective at running on a system with limited resources. Add the Optimization rating to the rating of the System (to a maximum of twice the System’s rating) to determine the maximum rating at which the program can operate.



Sithney:
QUOTE (Saint Sithney @ Mar 28 2010, 09:33 AM) *
A daisy chain is a series of electronic devices where every single device is needed in order for any to operate. Basically it is what's called a series. A->B->C->D Cut out any one and the system fails.

As to how to make a daisy chain in SR, all you have to do is use accounts. Start with the Outer Gate node which can accept any Access ID. This is your point A. Next is the first chain node, B. It will only accept two Access IDs for anything, namely the IDs of A and C, and it has no signal rating because it is completely wireless. This means that no communication can officially pass through B unless it comes from either A or C. This allows commands and communications to pass through the node, from one to another, but never users. It is basically a wall in the Matrix separating one isolated node or cluster of nodes from the rest of the Matrix/network. So, anyone without physical access to the protected node/cluster can not get through without either knowing exactly which access ID to spoof, which can't be sniffed without a data trail, or through repeated exploits.


First, I shall demonstrate how your Daisy Chain does not work.

QUOTE (Page 223 @ BBB)
Your persona also bears your access ID.


Nexus A which only permits the AIDs of nexus B and nexus C cannot perform the role of a Daisy Chain because the AID of the originating node is always used in your Persona, therefore only the Personas from the nodes up and down the chain can even access a node in the middle, making it impossible to use the Daisy Chain to secure Matrix Access. If we could give a Persona another AID, then we resurrect Agent Smith. If we can use one of the Personas from another node, we'd resurrect Agent Smith. If you can ever have an AID on a Persona you are using to take actions in the Matrix which is not the AID that you get from the hardware you are actually physically using, then Agent Smith rapes your mother.


Now, I'll demonstrate why your Daisy Chain does not matter to a Hacker.

QUOTE (Page 223 @ BBB)
Passive mode ... This is the default mode for peripheral nodes and nexi—in the latter case access approval is required from a sysop or ensured by using an established account (see Access Accounts, p. 225).


QUOTE (Page 235 @ BBB)
The goal of hacking into a node is to create your own account on the target node. In order to hack a node, you must either be within mutual Signal range of the target node’s device or have an open subscription with the node through the Matrix.


An Account will permit you access to a Passive mode Nexus or Peripheral. Hacking in gives you an Account. Ergo, hacking in will permit you access to a Passive mode Nexus or Peripheral.
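A toy model, added here and not part of any post or of the Shadowrun rules, of the two readings argued above: Saint Sithney's chain in which node B accepts only the access IDs of A and C, with the check applied either to the neighbouring node that relays the traffic or to the access ID the persona itself carries. Node names, access IDs and both policy names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Node:
    name: str
    access_id: str
    # Subscription list: access IDs this node will talk to.
    # None means "accepts any access ID" (the public outer gate).
    allowed: Optional[FrozenSet[str]]

    def accepts(self, presented_id: str) -> bool:
        return self.allowed is None or presented_id in self.allowed


def build_chain() -> List[Node]:
    """Outer gate A -> B -> C -> Target, each inner node listing only its neighbours."""
    return [
        Node("A", "aid-A", None),
        Node("B", "aid-B", frozenset({"aid-A", "aid-C"})),
        Node("C", "aid-C", frozenset({"aid-B", "aid-T"})),
        Node("Target", "aid-T", frozenset({"aid-C"})),
    ]


def traverse(chain: List[Node], origin_id: str,
             policy: str) -> Tuple[List[str], Optional[str]]:
    """Walk the chain from the outside.

    policy "hop":    each node checks the access ID of whoever handed it the
                     traffic (the previous node in the chain).
    policy "origin": each node checks the access ID carried by the persona,
                     which is always that of the originating device.

    Returns (names of nodes entered, name of the node that refused or None).
    """
    if policy not in ("hop", "origin"):
        raise ValueError(f"unknown policy: {policy}")
    reached: List[str] = []
    previous_hop_id = origin_id  # the outer gate sees the user directly
    for node in chain:
        presented = previous_hop_id if policy == "hop" else origin_id
        if not node.accepts(presented):
            return reached, node.name
        reached.append(node.name)
        previous_hop_id = node.access_id
    return reached, None


def compare(origin_id: str) -> dict:
    """Run the same origin through both readings of the subscription check."""
    chain = build_chain()
    return {policy: traverse(chain, origin_id, policy)
            for policy in ("hop", "origin")}


if __name__ == "__main__":
    for origin in ("aid-user", "aid-A"):
        for policy, (reached, refused_by) in compare(origin).items():
            print(f"{origin:9} {policy:7} entered={reached} refused_by={refused_by}")
```

Under the "hop" check the list only forces the path, so every user who gets into A is relayed to the end and each node needs its own authentication to filter anyone. Under the "origin" check no outside persona gets past B, and a persona originating on A itself is refused at C.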
kjones
Heath, if I'm understanding you correctly, you're asserting that nodes can forward traffic without giving you any access to that node - which makes sense, because this is how the Matrix works. (Mesh network.) Are you saying, then, that any node connected to the Matrix at large (and therefore any node connected to a node connected to the matrix, or any node connected...) can just be accessed directly through the matrix?

Even if that is RAW, it's incredibly silly. Furthermore, take a look at the example security setups in Unwired, p. 77. The higher-security nodes all have some kind of tiered access, so you can't just directly access the innermost nodes with a "log on" action - how does that work, then? If I'm understanding it correctly, that's the entire principle behind a "gateway", although I'm not sure if that's an actual rules term, or merely a descriptive one.

Personally, regardless of the rules, I'd rather have my Matrix look like the one in the sample setups in Unwired than have every node accessible from everywhere.
Tymeaus Jalynsfein
QUOTE (Heath Robinson @ Mar 27 2010, 01:32 PM) *
A wired-only node that is in Hidden mode cannot be detected using this method. Since you should never see the server running any important Corporate node without a whole fucking Shadowrun, this is the only way you would be able to search for the Hidden node unless you use Trace on one of its subscriptions, the logs of another node it has visited, or on its icon in another node.



Were you quoting this to me? I totally agree with you ... You cannot detect a Hardwired System via Wireless Devices, as Hidden Mode is only for Wireless Communications... That is about as obvious as the nose on my face...

Keep the Faith
hobgoblin
QUOTE (Cheops @ Mar 28 2010, 04:50 PM) *
I find it intensely amusing that all the people defending the SR4 rules for the matrix are doing so by using the very same tricks and tactics that people complained about in previous editions of SR and that SR4 was supposed to have done away with. Matrix Dungeons for everyone!

true, tho i suspect the people that defend SR4, also defended earlier (at least post VR2.0/SR3) rules.

most of the big changes between SR3 and SR4 are:

- no more tracking storage and active memory. instead you can carry as much data and programs as you like, and track how many programs you run vs system.

- massively reducing the number of special stats to know and track. a SR3 deck had 7 stats for a deck, and maybe 5 for a host. SR4 has 4, and they are the same for both parties. One can even fold them into a single number if one wants ease of use.

- AR. now hackers have an option when the shit hits the fan, rather than basically sitting in a corner wired to a wall socket (matrix held some rules on wireless connections, but that didn't eliminate the VR only issue).

- making drone rigging and hacking one system. Sure, it creates some potential headaches, but it also streamlines the number of systems one needs to know. With SR3, riggers had their wholly own system of signal warfare (3-4 damage tracks, anyone?) and a building rigging system that deckers could barely access via emulator hardware (and was badly under-equipped even then).

Thing is that during a run in SR4, the hacker can do more than he could in SR3. he can get into the security system and attempt to misdirect or frustrate security without having to get into a gun battle, and risk having HTR teams come crashing in the windows. Try that in SR3 and you need to be a rigger, not a decker.
Tymeaus Jalynsfein
QUOTE (Triggvi @ Mar 28 2010, 06:08 AM) *
Everyone seems to forget no matter how buff the program. The program rating is limited to system and response. rating 12 programs have a huge problem to overcome before you can even use them.



Not really...

Either create a System/Response 12 System OR
Create a Rating 12 Program with a Rating 6 Optimization

Now, Both of these are doable by Raw standards, if a little bit on the high powered side... The real challenge is having your GM allow that in his game...

Keep the Faith
Teulisch
i can see situations where you have to hack node A in order to turn on node B (which is otherwise off with no power) in order to access node C through node B. node B is a simple dedicated box to route traffic with a good firewall, an alarm, and nothing else. when the node B turns on for any reason, the defense hackers receive a notification at once. their first response to an alarm may be to physically unplug node B.

this would provide matrix-accessible data at a higher level of security, and require a daisy-chain that cannot be bypassed. A remains available to the public at all times, while C is primarily internal with the occasional outside line.

Tymeaus Jalynsfein
Damned Double Post... Sorry
Tymeaus Jalynsfein
QUOTE (Heath Robinson @ Mar 28 2010, 09:06 AM) *
Wall of Text... Cut for ease of reply...


The problem with your analysis, Heath, is that if you can ONLY access Node A (because you have no way of actually scanning for a node that isn't wireless and some hardware is just not physically there due to being Hardwired) you MUST hack Node A to gain Entrance to the system... Now when Node A connects to another Node (Call it B), you cannot transfer from Node to Node without hacking the next Node in Line... and so on down the Line...

So... Example

Node A: Camera... Camera can either be Wired or Wireless, Method controls how you have to gain access...
Node B: Wired Camera Sub-Node (Contains connections to Node A1 through A9, with Connection to Visual Security Sub-Node, Call it C)
Node C: Visual Security Sub-Node... It ultimately connects to a Main Security Node, which may or may not contain Branches to other Main Nodes, dependent upon how the System is configured...

As you can see... it is a "String of Nodes" that logically connect to each other... the fact that you MUST hack each node in series to gain access to a deeper Node is already established by RAW, and I am assuming that you agree with that in Principle at least... Now, call that "String" what you will (Some call it a Daisy Chain)... Now, each of those Nodes can have IC and Protective Measures installed to make the Hack more difficult... and the more Secure the Facility you are trying to penetrate, the more countermeasures there will be... Again, I do not think that you would Argue this point... (Though I think I would need to clarify here that if your node is a Clustered set of devices, you would have access to all of the Devices in the Node so Clustered once you hacked the Node Proper... One of the reasons that I do not use clustered nodes that often)

Now, Interestingly, if you were to gain the access permissions of a person on the System that had access, you would not need to hack and you would have free rein of the system, within your access rights of course.

That is why there are always at least a minimum of 2 ways to gain access... By Directly Hacking the System, or by Socially Engineering the Human Element...Hopefully, we can agree on these points... If so, I cannot see your argument at all, and you will need to do a better job of explaining it...

As far as I can tell, everything I have demonstrated above is per the Books...

SO... What are you in actual disagreement with here? The fact that a Hacker will need to make more than a few rolls to gain access to a system? This is RAW... and This is exactly how we do it in our game, and it has yet to really slow down anything at all... Hackers work in the same timespace as the Street Samurai, and we pursue our targets simultaneously, via the Combat Turn System... How does this not work in your games? I am honestly confused at your opposition here...

Keep the Faith
Heath Robinson
kjones:
QUOTE (kjones @ Mar 28 2010, 04:37 PM) *
Heath, if I'm understanding you correctly, you're asserting that nodes can forward traffic without giving you any access to that node - which makes sense, because this is how the Matrix works. (Mesh network.) Are you saying, then, that any node connected to the Matrix at large (and therefore any node connected to a node connected to the matrix, or any node connected...) can just be accessed directly through the matrix?

Even if that is RAW, it's incredibly silly. Furthermore, take a look at the example security setups in Unwired, p. 77. The higher-security nodes all have some kind of tiered access, so you can't just directly access the innermost nodes with a "log on" action - how does that work, then? If I'm understanding it correctly, that's the entire principle behind a "gateway", although I'm not sure if that's an actual rules term, or merely a descriptive one.

Personally, regardless of the rules, I'd rather have my Matrix look like the one in the sample setups in Unwired than have every node accessible from everywhere.


From my reading of the rules, I have the strongest confidence in the conclusion you derived from what I wrote. Unless someone can point me to information that suggests that my conclusion is wrong I am not going to act as if the rules say something else.


Tymeaus:
QUOTE (Tymeaus Jalynsfein @ Mar 28 2010, 05:19 PM) *
The problem with your analysis, Heath, is that if you can ONLY access Node A (because you have no way of actually scanning for a node that isn't wireless and some hardware is just not physically there due to being Hardwired) you MUST hack Node A to gain Entrance to the system... Now when Node A connects to another Node (Call it B), you cannot transfer from Node to Node without hacking the next Node in Line... and so on down the Line...

So... Example

Node A: Camera... Camera can either be Wired or Wireless, Method controls how you have to gain access...
Node B: Wired Camera Sub-Node (Contains connections to Node A1 through A9, with Connection to Visual Security Sub-Node, Call it C)
Node C: Visual Security Sub-Node... It ultimately connects to a Main Security Node, which may or may not contain Branches to other Main Nodes, dependent upon how the System is configured...

As you can see... it is a "String of Nodes" that logically connect to each other... the fact that you MUST hack each node in series to gain access to a deeper Node is already established by RAW, and I am assuming that you agree with that in Principle at least... Now, call that "String" what you will (Some call it a Daisy Chain)... Now, each of those Nodes can have IC and Protective Measures installed to make the Hack more difficult... and the more Secure the Facility you are trying to penetrate, the more countermeasures there will be... Again, I do not think that you would Argue this point... (Though I think I would need to clarify here that if your node is a Clustered set of devices, you would have access to all of the Devices in the Node so Clustered once you hacked the Node Proper... One of the reasons that I do not use clustered nodes that often)


In order for the camera output from node A to be available to node C, or node D, it must be subscribed by the node that is intended to use it. I cannot remember offhand any capacity to borrow the subscriptions of a node you are subscribed to.

QUOTE (Page 232 @ BBB)
Trace User (Track)
...
When you reach the threshold of the Extended Test, you have successfully traced the target, learning the target’s access ID and the location of the device housing the originating node (usually the user’s commlink).
...
You can also use this action to trace a subscription to its other end. For example, you may trace the subscription from a drone to the rigger controlling it.


You can bypass the Daisy Chain by Tracing from the Camera node. Remember that you can use Log On for any node you know exists. There is no "trawl around the wired network dungeon" functionality in the rules (so far as I know, contingent on never finding a rule which requires or describes it).

The rules do govern how it is that you can find node X, but not what you have to hack in order to be able to hack it. You can always Hack node X if you know it exists (i.e. have its AID). If you beat up a Security Spider and steal his commlink, which has a "portal" to the Wired Hidden Security node, you'd not have to hack anything to get to the node so long as I can connect to its network.

A Daisy Chain that can have links ignored by a Hacker is not a Daisy Chain. The Log On action ensures that you cannot implement a Daisy Chain whilst still having access to the outside world, except by use of chained Proxies (which I mentioned in the first post I made in this topic).


Oh, and you can never detect Nodes B, C, or D except by using the Trace User action. That is why I mentioned it in this thread about security. There is actually no way under the rules to detect them. It is not "you can't detect them because you can't make a connection to them". It is "you can never, under any circumstances, detect them because the Detect Hidden Node action requires you be in mutual Signal range of them, which is impossible because they have no Signal."

I still don't understand how you miss the fact that an absolute requirement to detect a Hidden node is that it have a Signal range. Having a wired connection does not give the nodes connected to it a Signal range. They cannot be detected, ever, if they are in Hidden mode.
hobgoblin
if one reads unwired, it says that only nodes in active mode will unconditionally forward traffic.

specifically it's page 54, routing.
KnightIII
QUOTE (Heath Robinson @ Mar 28 2010, 03:06 PM) *
kjones:

Quote them, please. I must be blind, because I can't find them.


SR4 Corebook, p 223, black side box entitled Network Security
(I don't have a .pdf of the Core, so I am handtyping from the hardcopy. Forgive typos)

"Though wireless networks are easier, they are also a security vulnerability. While it's true most megacorps prefer to avoid cable spaghetti, they do use "cold storage" wired systems in order to isolate them from outside wireless networks and intrusion. In order to access such networks, a hacker needs to gain access to a physical jackpoint or terminal. <snip>
Not all networks are configured as mesh networks- many corporate systems, in fact, retain a traditional tiered network structure. In a tiered structure, some systems can only be accessed through another system first, with the most secure systems hiding behind several layers of security.<snip>"

You'd really hate the stuff that followed.... vanishing, teleporting, secret trap-door, one way access nodes... it's almost like a... a... matrix dungeon. *shiver*
kjones
QUOTE (Heath Robinson @ Mar 28 2010, 01:02 PM) *
From my reading of the rules, I have the strongest confidence in the conclusion you derived from what I wrote. Unless someone can point me to information that suggests that my conclusion is wrong I am not going to act as if the rules say something else.


I just pointed you to information that suggests that your conclusion is wrong! See the example setups on p. 77 of Unwired - these have a tiered security model.

Also, what everyone else said.
Tymeaus Jalynsfein
QUOTE (Heath Robinson @ Mar 28 2010, 11:02 AM) *
kjones:


From my reading of the rules, I have the strongest confidence in the conclusion you derived from what I wrote. Unless someone can point me to information that suggests that my conclusion is wrong I am not going to act as if the rules say something else.


Tymeaus:


In order for the camera output from node A to be available to node C, or node D, it must be subscribed by the node that is intended to use it. I cannot remember offhand any capacity to borrow the subscriptions of a node you are subscribed to.



You can bypass the Daisy Chain by Tracing from the Camera node. Remember that you can use Log On for any node you know exists. There is no "trawl around the wired network dungeon" functionality in the rules (so far as I know, contingent on never finding a rule which requires or describes it).

The rules do govern how it is that you can find node X, but not what you have to hack in order to be able to hack it. You can always Hack node X if you know it exists (i.e. have its AID). If you beat up a Security Spider and steal his commlink, which has a "portal" to the Wired Hidden Security node, you'd not have to hack anything to get to the node so long as I can connect to its network.

A Daisy Chain that can have links ignored by a Hacker is not a Daisy Chain. The Log On action ensures that you cannot implement a Daisy Chain whilst still having access to the outside world, except by use of chained Proxies (which I mentioned in the first post I made in this topic).


Oh, and you can never detect Nodes B, C, or D except by using the Trace User action. That is why I mentioned it in this thread about security. There is actually no way under the rules to detect them. It is not "you can't detect them because you can't make a connection to them". It is "you can never, under any circumstances, detect them because the Detect Hidden Node action requires you be in mutual Signal range of them, which is impossible because they have no Signal."

I still don't understand how you miss the fact that an absolute requirement to detect a Hidden node is that it have a Signal range. Having a wired connection does not give the nodes connected to it a Signal range. They cannot be detected, ever, if they are in Hidden mode.


First: You have apparently missed my point... I have always stated that YOU COULD NOT DETECT NODES B, C, or D because they are hardwired and HAVE NO SIGNAL... we are in complete agreement about that point... Scan REQUIRES a Signal to do anything AT ALL... No Argument...

Secondly: Each node can have a number of Subscriptions equal to twice their System... so Node A is subscribed to Node B (as are several Other Nodes A1-whatever)... Node B has a single subscription BACK to Node C (as do Several Other Nodes B1-whatever)... I have never stated that Node C directly subscribed to Node A as that would circumvent an important security protocol (that of a layered System, which is described in Unwired and is the "Missing Information" that you are apparently not noticing... It is a Canon reference to a style of System Security, Which I use religiously, as a Character, even on my own PAN.). Since you can have incremented subscriptions, this creates a "Chain" of Nodes That MUST be hacked in sequence in order to progress... Since you cannot wirelessly just move to Node C, you must move through the Hardwired security setup... This creates a wonderful chokepoint system that the Hacker must maneuver through if he wants to do anything...

Thirdly: The Trace USER Matrix Action allows you to determine what node originates the Program, and what the User Access ID is... You cannot trace Hardware (as a Camera is)... therefore you cannot just bypass the security measures that are in place... According to the Rules... Page 232 of SR4A... You can only trace ICONS... a Piece of Hardware is not an ICON... In my example... the Camera is running its own security programs (it can do so because it is a Node), thus, you cannot trace a program back any further than the Camera, which is where you are starting the hack at... so in this regard, Trace is entirely useless... as for the next node in the line... you cannot trace it, because you have no access to it, that is what the Exploit Program and Hacking is for... you have to crack the new node... pretty simple...


As for tracking the Other end of the Subscription, it only provides the location and User Access ID... except that the Node has NO User ID... it is a NODE, not an ICON... so again, The Trace User Matrix Action is pretty useless against Hardware...

Even the Log On Matrix Action would REQUIRE you to deal with the requisite security procedures, as indicated in the Action described on Page 231. and you can really only Log On to a system to which you have Access, otherwise you would have to hack it...

Now, let us look at the actual program...

It is used to analyze a user's connection and follow the datatrail back to the originating Node... What allows the program to work is that it is using the mesh web to follow the signal... and this is a very important piece of information... it never accesses another node, as it is using the communications path that is created using the mesh... as a user, you do not connect to every node that you pass through, the signal is just bounced from device to device... you have never entered the Node you are using to bounce... On a Secured system, this is not the case... you MUST pass through each and every node that is along the path, and deal with each and every node's security (assuming that you are not using a legitimate account, which bypasses this with the account's permissions). At that point, If a trace User Action enters a Node, it must do so with an exploit... if the Tracking Icon (It is an IC/Agent or User right?) does not have an Exploit program available, the Trace User Matrix Action stops right there... Ironically, many people use Proxy Servers for just this very purpose, though a Node does not have to be a Proxy server to stop the Trace (IE... Proxy Servers have additional Game Mechanics)... once you have traced to a node which requires hacking (assuming that the Trace cannot Exploit its way past the Node Gateway), that is the access point that is reported back to the User/IC/Agent that initiated the Trace.


Now, all that being said... You are correct that if you were able to obtain the Spider's Hardware (his Commlink or Data Terminal), then you would have little reason to Hack, as his system interfaces the system with no trouble... however, you may still need to Hack if you ever try to go somewhere he was not allowed to go... not all Security Spiders have access to all parts of the System after all...

Security in Depth is going to be the watchword for any Megacorporate entity... whether they are Class A, AA, or AAA.... Ignoring that particular paradigm will cause potentially grave exposure to their system, and that is not going to be allowed... That being said, some systems will be more secure than other systems... You may only have a layer or two on a minimal system that is intended for public consumption... however, the ultra-secure Zero AOne Research Facility, buried underground, and protected by Systems that dispense Nerve agent at the first sign of penetration, and have absolutely no external connection to the Matrix... well these are going to contain as many layers as they think is necessary to keep out the riff-raff, and yet still allow those researchers to do their job... obviously, the first layer of defense is that you will have to crash their party just to have a chance at their network... it only gets harder from there though...

I do Understand now where you come from (for the most part), but am unsure why you still deny the use of Layered defenses on a System, since it talks about such things in the Unwired Core Matrix Rulebook (Please see the Section titled "System Topology, and System Design" pages 72-76). This should clear up a few points I would imagine... Also, there are several examples of Tiered Systems, as kjones has pointed out, on Page 77-78 of the Book...

Hope I am not coming off as an Ass or something... I am genuinely confounded by some of your stance is all...

Keep the Faith
Saint Sithney
QUOTE (Heath Robinson @ Mar 28 2010, 08:06 AM) *
As for the accusation that I have a problem with Daisy Chain? Well, yes, I do have a problem with. I stated what my problem with it was in the post prior to this one. To reiterate: Rolling extra dice for no reason is boring, and makes the game bad. Daisy Chains mean extra dice rolling for no reason. Therefore, Daisy Chains suck monkey balls.


It's just a security layer. Sure, hacking through three firewalls isn't as exciting as gunning down three sec guards (although the situation is analogous,) but sometimes it's not about that. If a hacker wants to splice into a secure system and punch his way to the good data, he's going to end up burning some edge to get that done. That's basically the same as a team of runners who break a window and just charge through killing anyone who spots them. Rolling the dice isn't really what's going to get boring here. What makes this boring is that it's a one-size-fits-all solution to the situation. As long as the same methods work, things get stale whether there's one firewall, three or twenty. But, if the hacker should start running into too many problems with the direct approach, he'll have to start getting clever. Like you said, and TJ reiterated, one way to bypass the old-school wired security labyrinth is to just KO someone with access and go through their com. Now you've introduced a multi-staged plan to access the data more effectively, and we're getting the whole team thinking about the matrix and this data theft. That's the real objective here. A GM shouldn't try and frustrate the hacker just to be a dick or whatever you might think the point of this exercise is. The only point to using any matrix security techniques is to make the hacker think of new solutions.

However, players can certainly use these sorts of tricks to frustrate NPC hackers to near helplessness...
kjones
Yeah, I'm pretty OK with the idea that straight hacking hardcore systems from the outside should be hard and not terribly interesting. Matrix security is enough of a joke already in 2072 (Encryption slows you down for, what, a few seconds?) so it needs all the help it can get.
Heath Robinson
Tymeaus:
QUOTE (Tymeaus Jalynsfein @ Mar 28 2010, 08:01 PM) *
Secondly: Each node can have a number of Subscriptions equal to twice their System... so Node A is subscribed to Node B (as are several Other Nodes A1-whatever)... Node B has a single subscription BACK to Node C (as do Several Other Nodes B1-whatever)... I have never stated that Node C directly subscribed to Node A as that would circumvent an important security protocol (that of a layered System, which is described in Unwired and is the "Missing Information" that you are apparently not noticing... It is a Canon reference to a style of System Security, Which I use religiously, as a Character, even on my own PAN.). Since you can have incremented subscriptions, this creates a "Chain" of Nodes That MUST be hacked in sequence in order to progress... Since you cannot wirelessly just move to Node C, you must move through the Hardwired security setup... This creates a wonderful chokepoint system that the Hacker must maneuver through if he wants to do anything...

Thirdly: The Trace USER Matrix Action allows you to determine what node originates the Program, and what the User Access ID is... You cannot trace Hardware (as a Camera is)... therefore you cannot just bypass the security measures that are in place... According to the Rules... Page 232 of SR4A... You can only trace ICONS... a Piece of Hardware is not an ICON... In my example... the Camera is running its own security programs (it can do so because it is a Node), thus, you cannot trace a program back any further than the Camera, which is where you are starting the hack at... so in this regard, Trace is entirely useless... as for the next node in the line... you cannot trace it, because you have no access to it, that is what the Exploit Program and Hacking is for... you have to crack the new node... pretty simple...

As for tracking the Other end of the Subscription, it only provides the location and User Access ID... except that the Node has NO User ID... it is a NODE, not an ICON... so again, The Trace User Matrix Action is pretty useless against Hardware...

Even the Log On Matrix Action would REQUIRE you to deal with the requisite security procedures, as indicated in the Action described on Page 231. and you can really only Log On to a system to which you have Access, otherwise you would have to hack it...

Now, let us look at the actual program...

It is used to analyze a user's connection and follow the datatrail back to the originating Node... What allows the program to work is that it is using the mesh web to follow the signal... and this is a very important piece of information... it never accesses another node, as it is using the communications path that is created using the mesh... as a user, you do not connect to every node that you pass through, the signal is just bounced from device to device... you have never entered the Node you are using to bounce... On a Secured system, this is not the case... you MUST pass through each and every node that is along the path, and deal with each and every node's security (assuming that you are not using a legitimate account, which bypasses this with the account's permissions). At that point, If a trace User Action enters a Node, it must do so with an exploit... if the Tracking Icon (It is an IC/Agent or User right?) does not have an Exploit program available, the Trace User Matrix Action stops right there... Ironically, many people use Proxy Servers for just this very purpose, though a Node does not have to be a Proxy server to stop the Trace (IE... Proxy Servers have additional Game Mechanics)... once you have traced to a node which requires hacking (assuming that the Trace cannot Exploit its way past the Node Gateway), that is the access point that is reported back to the User/IC/Agent that initiated the Trace.


Now, all that being said... You are correct that if you were able to obtain the Spider's Hardware (his Commlink or Data Terminal), then you would have little reason to Hack, as his system interfaces the system with no trouble... however, you may still need to Hack if you ever try to go somewhere he was not allowed to go... not all Security Spiders have access to all parts of the System after all...

Security in Depth is going to be the watchword for any Megacorporate entity... whether they are Class A, AA, or AAA.... Ignoring that particular paradigm will cause potentially grave exposure to their system, and that is not going to be allowed... That being said, some systems will be more secure than other systems... You may only have a layer or two on a minimal system that is intended for public consumption... however, the ultra-secure Zero AOne Research Facility, buried underground, and protected by Systems that dispense Nerve agent at the first sign of penetration, and have absolutely no external connection to the Matrix... well these are going to contain as many layers as they think is necessary to keep out the riff-raff, and yet still allow those researchers to do their job... obviously, the first layer of defense is that you will have to crash their party just to have a chance at their network... it only gets harder from there though...

I do Understand now where you come from (for the most part), but am unsure why you still deny the use of Layered defenses on a System, since it talks about such things in the Unwired Core Matrix Rulebook (Please see the Section titled "System Topology, and System Design" pages 72-76). This should clear up a few points I would imagine... Also, there are several examples of Tiered Systems, as kjones has pointed out, on Page 77-78 of the Book...

Hope I am not coming off as an Ass or something... I am genuinely confounded by some of your stance is all...


Let's ramble on at you a little.

You put far too much stock in the names given to the actions you can take. I don't care if an action I take is called "Rape Small Children" if what it does is trace a subscription back to its originating node - which is what the "Trace USER" (your emphasis) action does.

QUOTE (Page 232 @ BBB)
Trace User (Track)
You trace an icon back to its originating node.


Oh, and having a subscription puts your Persona into the node you subscribed to, as you can't acquire a subscription without taking the Log On action.

QUOTE (Page 231 @ BBB)
Log On (System)
You open a subscription to a node, and your icon appears there.


I can find no other way to acquire a Subscription to a node. Tell me if I am wrong.

It's never outright stated (at least any more), but it is implied in the RAW that you need to have a Subscription to use a sensor.

QUOTE (Page 246 @ BBB)
In many buildings, all security devices are subscribed to a central node on which a spider can jump into the entire security system.


One can also argue that proactively perceiving your environment using a Sensor is basically commanding a device, and would require a Subscription. The point is that without subscribing to the Cameras from the security node(s) there is no way for their information to be used except for ad-hoc subscriptions from the guards on the ground. They pose no threat without being subscribed.


In a secure network nothing. You have yet to explain a way to set up a Daisy Chain that does not fail, or does not involve negating any benefits you can draw from the network in the first place.


I'm not saying that you can't layer defenses, but the idea that you can increase how arduous a Matrix intrusion is by merely throwing money at the problem is basically bad for the game. The Matrix needs to be designed so as to present a level playing field between the PC Hacker and the Corp, and it is (for the most part, leaving aside Agent Smith fiascoes). The fact that having more nodes does not make it more difficult to hack you is a positive feature of the rules. Information control must be the primary means of securing a Matrix node, because that is the only way to justify any major Corp being dominated by a small group of elites.


KnightIII:
QUOTE (KnightIII @ Mar 28 2010, 06:30 PM) *
SR4 Corebook, p 223, black side box entitled Network Security
(I don't have a .pdf of the Core, so I am handtyping from the hardcopy. Forgive typos)

"Though wireless networks are easier, they are also a security vulnerability. While it's true most megacorps prefer to avoid cable spaghetti, they do use "cold storage" wired systems in order to isolate them from outside wireless networks and intrusion. In order to access such networks, a hacker needs to gain access to a physical jackpoint or terminal. <snip>
Not all networks are configured as mesh networks- many corporate systems, in fact, retain a traditional tiered network structure. In a tiered structure, some systems can only be accessed through another system first, with the most secure systems hiding behind several layers of security.<snip>"

You'd really hate the stuff that followed.... vanishing, teleporting, secret trap-door, one way access nodes... it's almost like a... a... matrix dungeon. *shiver*

Not in my book. Page 223 has a big illustration at the bottom of the page and the Device Modes, Persona Programs, and Access IDs headings. The sidebar you quote is nowhere to be found when I looked through the rest of that chapter, either.

Are you using a previous printing or something?


Sithney:
QUOTE (Saint Sithney @ Mar 29 2010, 10:37 AM) *
It's just a security layer. Sure, hacking through three firewalls isn't as exciting as gunning down three sec guards (although the situation is analogous,) but sometimes it's not about that.

Shooting security guards is an opposed test. Hacking a firewall is an extended test. These things are not the same. Not even analogous, really. One has a set of different actions you can choose between at each step ("now I throw a grenade because I like the explosion noises the GM makes"), the other does not. ("Okay, we've rolled N times, SO NOW IT'S TIME FOR ANOTHER ROLL, GUYZ!")


kjones:
QUOTE (kjones @ Mar 28 2010, 06:45 PM) *
I just pointed you to information that suggests that your conclusion is wrong! See the example setups on p. 77 of Unwired - these have a tiered security model.


Once you know about Node N, you can go straight to it. That's not a Daisy Chain since you are not mandated to pass through each previous node in the chain before you can access any given Node. That's what the Log On action says, and the information on Chokepoints doesn't actually contain any references to rules concepts at all. The idea of a Gateway is founded firmly on the idea of Matrix Dungeon Crawl, but MDG is not possible in SR4 because there are no limits (that cannot be bypassed) to what you can use as a target for the Log On action based on where you are.
KnightIII
You seem very fond of the Log in and subscription rules. So, I am morbidly curious. Let's say the corp put all its data into a computer terminal. It loads up a firewall, an IC and then plugs in a cat5 cable, runs it to a router. The router unit also has its own firewall, possibly an IC. Another cat5 runs to another computer. With, of course, its own firewall and IC. That computer is connected to the matrix. For kicks the corp drops the data computer in a hole, fills halfway with cement, then drops the router in and finishes filling the hole with cement.

Now, basic logic suggests that a typical user will log onto the terminal that's not buried in the cement, and from there be sent to the router, which will validate their credentials, and allow them access to the data computer which will also request for them to log on. There's no shortcut. Neither the router nor the data computer has a wireless connection. You're going through at least three levels of security to get there. You could know everything there is to know about the data computer and still won't be able to get there without going through the comm computer and the router first.

And to answer your question, my core book is older. It's a "corrected 3rd printing by FanPro LLC". So it may be different from newer ones. But that aside, the above logic is sound.
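The wired setup in the post above, treated as a real-network reachability question: this is an added example, not code from the thread or the rulebooks. It computes which machines every route from the public side must pass through, and shows how a single direct allow-list entry removes those chokepoints. The node names and the edge model ("b accepts connections arriving from a") are assumptions made for the illustration.

```python
from collections import deque

# Constructed topologies. An edge a -> b means "b accepts connections
# arriving from a" (a cable plus an allow-list entry). Node names are
# hypothetical labels for the machines in the post.
TIERED = {
    "matrix":        ["comm_computer"],
    "comm_computer": ["router"],
    "router":        ["data_computer"],
    "data_computer": [],
}

# Same machines, but the data computer also answers anyone on the public side.
FLAT = {**TIERED, "matrix": ["comm_computer", "data_computer"]}

# A second router added for availability: neither router is mandatory any more.
REDUNDANT = {
    "matrix":        ["comm_computer"],
    "comm_computer": ["router_a", "router_b"],
    "router_a":      ["data_computer"],
    "router_b":      ["data_computer"],
    "data_computer": [],
}


def shortest_path(graph, src, dst, removed=frozenset()):
    """Breadth-first search that ignores nodes in `removed`.

    Returns the node list from src to dst, or None when no route exists.
    """
    if src in removed or dst in removed:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph.get(node, ()):
            if nxt not in prev and nxt not in removed:
                prev[nxt] = node
                queue.append(nxt)
    return None


def chokepoints(graph, src, dst):
    """Intermediate nodes that every src -> dst route must traverse, in order.

    A mandatory node lies on every route, so it lies on the shortest one;
    it is mandatory exactly when removing it disconnects dst from src.
    Returns None when dst is unreachable to begin with.
    """
    path = shortest_path(graph, src, dst)
    if path is None:
        return None
    return [n for n in path[1:-1]
            if shortest_path(graph, src, dst, removed={n}) is None]


def layers_of_security(graph, src, dst):
    """Mandatory checkpoints including the target's own login, 0 if unreachable."""
    forced = chokepoints(graph, src, dst)
    return 0 if forced is None else len(forced) + 1


if __name__ == "__main__":
    for name, graph in (("tiered", TIERED), ("flat", FLAT), ("redundant", REDUNDANT)):
        print(name,
              chokepoints(graph, "matrix", "data_computer"),
              layers_of_security(graph, "matrix", "data_computer"))
```

Knowing the data computer's address changes nothing in the tiered graph, because no edge delivers traffic to it except through the router; in the flat graph the same knowledge is sufficient.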
kjones
QUOTE (Heath Robinson @ Mar 29 2010, 02:20 PM) *
Once you know about Node N, you can go straight to it. That's not a Daisy Chain since you are not mandated to pass through each previous node in the chain before you can access any given Node. That's what the Log On action says, and the information on Chokepoints doesn't actually contain any references to rules concepts at all. The idea of a Gateway is founded firmly on the idea of Matrix Dungeon Crawl, but MDG is not possible in SR4 because there are no limits (that cannot be bypassed) to what you can use as a target for the Log On action based on where you are.


I love how you're completely ignoring the intent of the Matrix rules here. Do you really think that you understand how this stuff should work better than the people who wrote it?

Maybe I'm getting a little ways away from RAW here, but security through obscurity is no security at all. All it would take is for a single lucky hacker or disgruntled worker to leak the address of Zurich's innermost layer onto the Matrix at large, and suddenly every two-bit hacker and their mum would be swarming over it like flies on a carcass.

That makes no sense whatso-goddamn-ever.
Tymeaus Jalynsfein
QUOTE (Heath Robinson @ Mar 29 2010, 12:20 PM) *
Tymeaus:


Let's ramble on at you a little.

<Snip>

Once you know about Node N, you can go straight to it. That's not a Daisy Chain since you are not mandated to pass through each previous node in the chain before you can access any given Node. That's what the Log On action says, and the information on Chokepoints doesn't actually contain any references to rules concepts at all. The idea of a Gateway is founded firmly on the idea of Matrix Dungeon Crawl, but MDG is not possible in SR4 because there are no limits (that cannot be bypassed) to what you can use as a target for the Log On action based on where you are.



Let's address this shall we...

First... You cannot bypass Hardwired Node A, B, C, And D to get directly to Node E by some magical teleport that does not exist in the rules... IF the system is set so that you are chokepointed at A, B, C, and D before you get to E, YOU MUST pass through all of these nodes in sequence and deal with their attendant security one at a time... that is just how it is... by the Book... That is what Chokepoints are all about... You are MANDATED to pass through each chokepoint, if that is how the system is configured...

Second... Subscriptions are from node to node, not from Node A to Node E (though you could definitely set it up this way if you wanted to do so, not sure why you would want that though), Completely bypassing Node B, C, and D, if that is the way it is configured... If Node A only subscribes to Node B... you can not use that subscription to access Node E... It Does not work that way, either in the descriptions of the Rules in the Book, nor in the examples provided...

Third... As far as the Trace User Action... It traces the User back to a Physical Node from which it accessed the Wireless Matrix... (in my example, Node A)... It DOES NOT give you the User at Node E; for that you would have to Hack from A to E and the Trace Program is not capable of that action... the only things that can perform that action is a Persona, IC or Agent that has the Relevant Program... so in this case... you get the Node, as described in the Description, just not the User...

As for the Log On Action... Only a persona or Icon can perform that action, Hardware does not do so, so a Hardware that is always connected does not have to "Log On"... it is connected by a Subscription (either Hardwired or Wirelessly)...

I have detailed at least 2 methods of securing a network using layered nodes... you refuse to see that the RULES I am using are indeed the same RULES that the developers used to set up their examples of a Tiered System... I am beginning to think that it is not my explanations that are the problem, but your understanding of the way the Hacking Rules and System Design in Shadowrun inter-relate and operate...

QUOTE
I'm not saying that you can't layer defenses, but the idea that you can increase how arduous a Matrix intrusion is by merely throwing money at the problem is basically bad for the game. The Matrix needs to be designed so as to present a level playing field between the PC Hacker and the Corp, and it is (for the most part, leaving aside Agent Smith fiascoes). The fact that having more nodes does not make it more difficult to hack you is a positive feature of the rules. Information control must be the primary means of securing a Matrix node, because that is the only way to justify any major Corp being dominated by a small group of elites.


I think that you show a smattering of Hubris if you think that systems should be a level playing field between Runners and Corporations... Especially when a corporation has millions at their disposal for system security... Systems are going to be designed with System Security foremost.. Not towards the considerations of those who would break into the system and rape it of its resources...

The Fact of having more nodes means that it will take you that much longer to hack that system if you want to get to the good paydata... there is really no way around that dilemma... any other response portrays the Corporations as stupid and carefree... Informational Security is just a small portion of what actually goes into securing a system...

Using your interpretation means that the Corporation is not being dominated by a few hacker Elites, but by the masses of Script Kiddies with time on their hands... Whereas with my Interpretation, those Hacker Elites are the only ones that will hit the really big systems... those that the Script Kiddies hit and die on en-masse... These are the systems that Fastjack, Dodger, and some of the more old school hackers hit... you cannot get more elite than that...

And yes, that means that any system that has more common architecture will likely pose little to no challenge to the dedicated hacker... he will get no thrill from the attempt, and will penetrate the system almost at whim... this fits the canon pretty well in my opinion... I mean really, how exciting is it to take the local Azmart node and make it dance to your every whim... <Yawn... Boring>

Hope that this helps... I do truly enjoy the discussion, as it has gone so far...

Keep the Faith
rumanchu
QUOTE (Heath Robinson @ Mar 29 2010, 10:20 AM) *
Not in my book. Page 223 has a big illustration at the bottom of the page and the Device Modes, Persona Programs, and Access IDs headings. The sidebar you quote is nowhere to be found when I looked through the rest of that chapter, either.

Are you using a previous printing or something?


The sidebar in question appears on page 223 of the non-Anniversary edition of the Core Rules. I assume that it has been left out of the Anniversary Edition because the examples given in the sidebar are (somewhat) fleshed out in Unwired.
Heath Robinson
KnightIII:
QUOTE (KnightIII @ Mar 29 2010, 08:59 PM) *
You seem very fond of the Log in and subscription rules. So, I am morbidly curious. Let's say the corp put all its data into a computer terminal. It loads up a firewall, an IC and then plugs in a cat5 cable, runs it to a router. The router unit also has its own firewall, possibly an IC. Another cat5 runs to another computer. With, of course, its own firewall and IC. That computer is connected to the matrix. For kicks the corp drops the data computer in a hole, fills halfway with cement, then drops the router in and finishes filling the hole with cement.

Now, basic logic suggests that a typical user will log onto the terminal that's not buried in the cement, and from there be sent to the router, which will validate their credentials, and allow them access to the data computer which will also request for them to log on. There's no shortcut. Neither the router nor the data computer has a wireless connection. You're going through at least three levels of security to get there. You could know everything there is to know about the data computer and still won't be able to get there without going through the comm computer and the router first.

"Basic logic" says sweet fuck all until you state your assumptions. I believe one of yours is "you can only use Log On for nodes that are topologically adjacent to your current node", and you are trying to prove the proposition "you can only use Log On for nodes that are topologically adjacent to your current node". In other words, I believe you are begging the question. Sophistries become no-one.

Let me answer, though, through a question. Did you log onto a backbone router as part of making your way to the Dumpshock forums? Why would needing to do so be any more "logical" or secure?



Tymeaus:
QUOTE (Tymeaus Jalynsfein @ Mar 30 2010, 01:21 AM) *
First... You cannot bypass Hardwired Node A, B, C, And D to get directly to Node E by some magical teleport that does not exist in the rules... IF the system is set so that you are chokepointed at A, B, C, and D before you get to E, YOU MUST pass through all of these nodes in sequence and deal with their attendant security one at a time... that is just how it is... by the Book... That is what Chokepoints are all about... You are MANDATED to pass through each chokepoint, if that is how the system is configured...

Second... Subscriptions are from node to node, not from Node A to Node E (though you could definitely set it up this way if you wanted to do so, not sure why you would want that though), Completely bypassing Node B, C, and D, if that is the way it is configured... If Node A only subscribes to Node B... you cannot use that subscription to access Node E... It Does not work that way, either in the descriptions of the Rules in the Book, nor in the examples provided...

Third... As far as the Trace User Action... It traces the User back to a Physical Node from which it accessed the Wireless Matrix... (in my example, Node A)... It DOES NOT give you the User at Node E; for that you would have to Hack from A to E and the Trace Program is not capable of that action... the only things that can perform that action is a Persona, IC or Agent that has the Relevant Program... so in this case... you get the Node, as described in the Description, just not the User...

As for the Log On Action... Only a persona or Icon can perform that action, Hardware does not do so, so a Hardware that is always connected does not have to "Log On"... it is connected by a Subscription (either Hardwired or Wirelessly)...

I have detailed at least 2 methods of securing a network using layered nodes... you refuse to see that the RULES I am using are indeed the same RULES that the developers used to set up their examples of a Tiered System... I am beginning to think that it is not my explanations that are the problem, but your understanding of the way the Hacking Rules and System Design in Shadowrun inter-relate and operate...


Look, you totally misunderstood my point about subscriptions and cameras. In order to use the cameras you need to have them subscribed on your node, right? Well, if you are using the Security node to monitor the cameras, then those cameras need to be subscribed on the security node. Your model involves the following chain of subscriptions:
An -> Bm -> C -> D
However, to have camera data accessible in D you need a subscription from D to An (D -> An). Then you can trace the subscription back to D and avoid the chain entirely. Your "chain" involves having no capacity to use your resources.


Let's just discuss for a moment what your second chain design involves. A subscription can be mined for information only (since the Trace User action only gives you information on where a subscription originates, and Matrix Perception tells you what a node has subscriptions to). Having a subscription to a node does not give someone in your node special powers (it doesn't even let them use actions that require a subscription to the target since they have to have the subscription), right? So you need Information and the Log On action to get to Node N (since Log On does not need a subscription). Your chain is therefore based on occluding the existence of nodes beyond the next in the chain.

Once you know that node C or D exists, however, you must always be able to use Log On to get to them. But, like I said, a subscription gives people in the node that the subscription is on no special powers, so it must be that only the Information gives them the ability to use the Log On action to get to the next node. Since Info + Log On lets you access a node, Log On always being available, the only thing that prevents you from accessing node X is Info. If you can get the Info for node D, then you can access it.


The Log On action, sure, has to be taken by a user of a node, but the Subscriptions are held on the node itself. Nothing stops a user from using Log On with one of the Personas a node can generate and then just leaving everything as is and walking away. It creates a Subscription that hangs around - how else do you have your devices slaved 24/7?


Your previous attempt at a chain design failed because having an Account on a Passive node gets you Access to the node. You can Hack an Account for yourself, so the Hacker can get Access by... Hacking. Gee, that'll hold them off! (Should I really have to remind you why you failed previously?)

You have not detailed one working Daisy Chain. Looking at the things written in the "Tips and Tricks" section, I can find nothing that looks like a rule, and nothing that looks like it interfaces with any existing rules. The very title, to me, implies some exploration of the higher level ramifications of the rules - but rules relating to the implications of network topology on matrix actions, I cannot find anywhere.


I refuse to answer the text that accuses me of hubris except to note that you misunderstand my interpretation. Information control becomes a vital part of running a secured site, and the first step a hacker takes towards a hack is to do legwork on their target to get the location of the target node. Script Kiddies don't do legwork.



kjones:
QUOTE (kjones @ Mar 29 2010, 10:43 PM) *
I love how you're completely ignoring the intent of the Matrix rules here. Do you really think that you understand how this stuff should work better than the people who wrote it?

Maybe I'm getting a little ways away from RAW here, but security through obscurity is no security at all. All it would take is for a single lucky hacker or disgruntled worker to leak the address of Zurich's innermost layer onto the Matrix at large, and suddenly every two-bit hacker and their mum would be swarming over it like flies on a carcass.

That makes no sense whatso-goddamn-ever.


Your understanding of "intent" is the product of your own ruminations, and therefore intimately shaped by your own perceptions and beliefs. You are labeling your own impressions the "intent" of the writers. Well, in all likelihood. The only way you could know the actual intent of the writers of the Matrix system would be... well, to be those selfsame people. If so, please enlighten us so that I may angrily rant at you about its failings.

The response to a verifiable breach of information security for a server that you happen to control is to take that server offline and give it a new identity. You'd almost think that there aren't two different ways to do that under RAW, the way you're talking.




Addressing Chokepoints:

QUOTE (Page 72 @ Unwired)
Chokepoints
...
One way to limit the vulnerability of a large network is to allow only one or two nodes that act as gateways to the rest of the system. The rest of the nodes in the network are then kept behind wireless impeding materials or are linked by fiber optic cables and have no wireless capability at all. Much like a checkpoint in a real-world facility, when all traffic enters at a single point, a spider can keep the network secure by monitoring only those nodes that have outside access.


There is no imperative statement about the effects of topology in this paragraph. It is a discussion of the ramifications of topology, but the underlying rules that would support these conclusions do not exist (any more, maybe) so far as I can see.
Dumpshock Forums © 2001-2012