Nosaji
Jul 28 2010, 05:49 AM
Hi everyone, this'll be my first time posting on Dumpshock. Nice to meet everyone.
I have a question. If I daisy-chain a series of proxy commlinks together using a fiber-optic cable, will this assist in slowing down or stopping an invading hacker from getting to my main comm? What are the ups and downs to doing this?
The idea behind this is that the main commlink is being protected by several layers of proxy commlinks, each with a firewall and defense agents, with the last one being public and having wireless transmission that holds all my falsified documentation.
Any thoughts or am I just over complicating things?
Voran
Jul 28 2010, 06:26 AM
Welcome. Mind your fingers and don't feed the inmates.
You've touched upon a subject of debate here. In terms of hacking, to get to the 'end node' I would say, sure this adds layers of defense that would have to be passed in order to get to that last node. It would have little to no effect in defending (we'll say you, for this example, as in this is your node/commlink chain), as your telepresence location is considered to be where it's at. Example, if you're using this link chain to hack into someone else's node, the number of links you have doesn't matter, all that matters is where your 'matrix form' is located (usually, in this case, it's in someone else's node).
I would say there is still a benefit for the chaining though.
KarmaInferno
Jul 28 2010, 06:30 AM
Heh, this is like the fifth time in the past month this has come up.
It will protect somewhat against someone coming IN.
For a simple set-up, throw a high Analyse program in each commlink and have it set to shut off the hardware if it detects an intrusion. You can, of course, get a lot more complicated with layered defenses. In the end, though, it's not so much "stopping" an intruder as "slowing him down".
However! If you are connecting OUT to the Matrix via that commlink daisy chain, and run into some nasty IC or enemy, chaining the commlinks won't do a damn thing to protect you from the attacker. You have an Icon extended out into the Matrix, and that provides the attacker a direct line to your persona.
-karma
Nosaji
Jul 28 2010, 06:40 AM
This is more for protection from hackers trying to get into my primary commlink without my notice and start messing with the data and other stuff inside there.
One of my other concerns is whether or not this daisy-chain configuration will slow down my activities in the matrix assuming that each comm carries similar or better stats to the primary one.
Warlordtheft
Jul 28 2010, 03:16 PM
It won't affect going out. Keep in mind that one of the things about the matrix is where your virtual self is.
1. Hacking another's comm, your virtual self is on his comm (the chain of comms has no effect on your matrix capabilities in another node).
2. Defending your main comm, they will have to hack through your wired links first (but they can shut down the first comm, so you'd have to activate the wireless node on another commlink in the chain).
3. If all but your main commlink is wireless you only really need 1 other commlink (the rest are not worth it as an intruder is 1 node away from the main commlink).
4. Good encryption is cheaper, and going beyond 3 linked nodes is probably not worth it.
5. Slaving all wireless stuff to the main commlink is a good idea too (Tacnet, other teams' comms, drones, smartlinks, etc., etc.).
BobChuck
Jul 28 2010, 04:59 PM
Another thing to remember is that whatever you can do, your GM can do.
That's one of the problems with taking the layering or optimization route; if it's interpreted to work the way some players want to read it, if you use it to protect your gear, then logically anything of significance out there in the corporate world will be set up with the same set of protections, only as large and robust as money can buy.
Putting a fake commlink with a fake SIN and legal stuff on it as your wireless connection and running your main commlink in hidden mode with all your high-tech illegal software and cyberware linked in is almost standard practice, at least among those with significant software.
But the value of going beyond that is a topic of much debate.
Johnny B. Good
Jul 28 2010, 06:12 PM
Remember that if you're hacking from your main commlink that you get response degradation for each proxy in use. If you're hacking from a commlink on the outer edge of the chain, then what's the point of layering anyway?
Warlordtheft
Jul 28 2010, 06:20 PM
I don't recall the degradation when using the commlinks in this manner. But the advantage in defense is that if the intruder wants to crash your home node he'd have to go through the others. As I recall, the intermediate commlinks in the daisy chain function like a router (and this is how the wireless matrix works too).
BobChuck
Jul 28 2010, 07:01 PM
As I understand it, most everyone agrees that you can stack one commlink in front, running public, with your main commlink running in hidden. This gives you a basic layer of protection. It's similar on a conceptual level to how routers/gateways/servers work today.
It also seems to be the default assumption for the structure of Matrix nodes - a single door in/out that must be hacked in order to gain access to all the other linked nodes on the network. Secure nodes may not be on that network at all - probably no matrix access - and thus can require an "in the meat" visit.
The main point of debate is whether or not you can put more than one router/server/gateway in place with a single sequential order that forces someone to hack through many levels. Further points ask what the cost is, besides just nuyen, to doing things this way, and why aren't AAA-secure facilities built with this kind of protection.
Doc Chase
Jul 28 2010, 07:03 PM
Query: Wouldn't daisy-chaining with a fiberop cable connecting all of them sort of defeat the purpose?
Yerameyahu
Jul 28 2010, 07:06 PM
Apparently, you have to hack through each node. Not sure why.
suoq
Jul 28 2010, 07:16 PM
1) I'd have a ball with glitches on that system. You've added a lot of points of possible failure.
2) If someone does get in and realizes what you have, they're golden. They can drop anything in the middle of that chain and you'll be fighting your own haystack trying to find the needle that's betraying you.
3) I don't know anyone who does a lot of software work who doesn't regularly curse their firewalls (and even more frequently the firewalls of their customer). If you have some new software that you want to use, you're gonna have to get past all those firewalls. The first one is assumed to be taken care of when you install, but the whole point of a firewall is to keep something new from getting through. I can easily see you having to make a lot of rolls when you upgrade or get some new ware.
Tymeaus Jalynsfein
Jul 30 2010, 01:15 AM
QUOTE (Warlordtheft @ Jul 28 2010, 12:20 PM)
I don't recall the degradation when using the commlinks in this manner. But the advantage in defense is that if the intruder wants to crash your home node he'd have to go through the others. As I recall, the intermediate commlinks in the daisy chain function like a router (and this is how the wireless matrix works too).
Degradation occurs when you set the commlink chain as Proxy Servers... you would generally not want to do this because of the degradation... A better option is to just chain them, and thus you will have no degradation, it is just another node that you pass through... In this manner, it is also just another node an intruding hacker has to pass through, though you could protect the hell out of them. As a note, this becomes expensive somewhat quickly, so it is probably not something that you would want to do if you are lacking in funds.
Yerameyahu
Jul 30 2010, 02:41 AM
On the other hand, it's essentially nothing to most corporations, which means you're never getting in.
Tymeaus Jalynsfein
Jul 30 2010, 02:48 AM
QUOTE (Yerameyahu @ Jul 29 2010, 08:41 PM)
On the other hand, it's essentially nothing to most corporations, which means you're never getting in.
No, it means that getting in is going to take a fair amount of time and expertise, and you will not do it trivially. Not everyone can be FastJack after all...
And yes, Most Corporations will take this route...
Nosaji
Jul 30 2010, 06:14 AM
QUOTE (Tymeaus Jalynsfein @ Jul 29 2010, 05:15 PM)
Degradation occurs when you set the commlink chain as Proxy Servers... you would generally not want to do this because of the degradation... A better option is to just chain them, and thus you will have no degradation, it is just another node that you pass through... In this manner, it is also just another node an intruding hacker has to pass through, though you could protect the hell out of them. As a note, this becomes expensive somewhat quickly, so it is probably not something that you would want to do if you are lacking in funds.
Thanks for clearing up the rules on degradation.
For a second there I thought this commlink topography wouldn't be all that useful after reading pg 104.
Quick question though. If all the nodes are protected by firewalls does this also help in slowing down an invading hacker without slowing down my response?
Nosaji
Jul 30 2010, 06:14 AM
double post sry bout that
suoq
Jul 30 2010, 12:41 PM
QUOTE (Nosaji @ Jul 30 2010, 01:14 AM)
If all the nodes are protected by firewalls does this also help in slowing down an invading hacker without slowing down my response?
Are you running anything on those nodes besides firewalls? Are you running Encryption, Analyze, and an Agent? Are you running them at level 3 or at a level that's going to detect a serious threat and alert you? Are you spending enough cash to give those agents the response and system to defend themselves or are you expecting them to alert and delay you while you log out and unplug the commlink? (And then what? Do you manually check all those commlinks before plugging in again?)
I'm trying to figure out what you're planning on doing. Either you have a lot of daisy chained Sony Emperors that can be hacked on the fly by an agent program while the hacker is busy elsewhere or you have a very expensive collection of high response and system commlinks (with NO signal rating) running expensive software. If you actually price out the system, you could then test the difficulty of hacking it.
Eratosthenes
Jul 30 2010, 05:43 PM
Expense is the biggest drawback, as suoq said. All it will really do is delay the dedicated hacker: instead of doing one probe, they have to do three (if there are three chained commlinks). It is far more economical to just use Strong Encryption (changed regularly, be it weekly or monthly) on the hidden node that is your main commlink, with perhaps a cheap decoy commlink for public use.
Nosaji
Jul 30 2010, 07:04 PM
QUOTE (suoq @ Jul 30 2010, 05:41 AM)
Are you running anything on those nodes besides firewalls? Are you running Encryption, Analyze, and an Agent? Are you running them at level 3 or at a level that's going to detect a serious threat and alert you? Are you spending enough cash to give those agents the response and system to defend themselves or are you expecting them to alert and delay you while you log out and unplug the commlink? (And then what? Do you manually check all those commlinks before plugging in again?)
I'm trying to figure out what you're planning on doing. Either you have a lot of daisy chained Sony Emperors that can be hacked on the fly by an agent program while the hacker is busy elsewhere or you have a very expensive collection of high response and system commlinks (with NO signal rating) running expensive software. If you actually price out the system, you could then test the difficulty of hacking it.
I think I'm going for the high system & response commlinks with defense software & agents running on it, but I'm likely going to keep it to a maximum of 3 or 4 total comms, which includes the transmitting wireless comm.
KarmaInferno
Jul 30 2010, 07:41 PM
QUOTE (Eratosthenes @ Jul 30 2010, 12:43 PM)
Expense is the biggest drawback, as suoq said. All it will really do is delay the dedicated hacker: instead of doing one probe, they have to do three (if there are three chained commlinks). It is far more economical to just use Strong Encryption (changed regularly, be it weekly or monthly) on the hidden node that is your main commlink, with perhaps a cheap decoy commlink for public use.
Eh. "Too expensive" can be a problem, but "Not Paranoid Enough" can be a bigger problem.
Do all of it. Layered nodes WITH strong encryption and decoys.
You can always adjust your spending habits to budget for a big purchase. Adjusting anything is much harder if you are dead because you decided to be cheap on your security.
-karma
Yerameyahu
Jul 30 2010, 07:53 PM
And for basically any corporation (not just the big boys), the money that would cost is trivial.
Tymeaus Jalynsfein
Jul 30 2010, 11:10 PM
QUOTE (Yerameyahu @ Jul 30 2010, 12:53 PM)
And for basically any corporation (not just the big boys), the money that would cost is trivial.
You keep saying that like the Corporations are not doing this already... they are...
When is the last time you hacked a Corporate System and it consisted of only a single Node? I would be willing to bet that you can't tell me, as a single node system is ludicrous for something as large as a Corporation, let alone a Mega.
IceKatze
Jul 30 2010, 11:56 PM
hi hi
I don't know if I have any particularly useful advice. After my character got her cybereyes hacked I decided to actually lay out my commlink defense topography.
This is what I came up with. Perhaps it will give you some ideas.
Yerameyahu
Jul 31 2010, 03:01 AM
No, Tymeaus, I mean that any corp could easily have *hundreds* of layers, to the point that any hacking takes longer than physically rerouting the network; that is, literally unhackable. The ZO is only listed as having like 16, so no, I think it's right to say that no one is doing this.
suoq
Jul 31 2010, 12:34 PM
QUOTE (Yerameyahu @ Jul 30 2010, 10:01 PM)
No, Tymeaus, I mean that any corp could easily have *hundreds* of layers, to the point that any hacking takes longer than physically rerouting the network; that is, literally unhackable. The ZO is only listed as having like 16, so no, I think it's right to say that no one is doing this.
The problem with hundreds of layers instead of 10s of layers (increasing the number of layers by an order of magnitude) is that you've just increased your downtime by an order of magnitude. You can build redundancy into such a system but that's yet another (quite large) cost increase and never seems to buy one as much as it seems it should.
I gave up saying this in the other thread so I don't know why I'm saying it here. People prefer to use systems that work easily and are easily repaired. To this regard simple and open is better than complex and closed.
Imagine doing this to your house, where to bring the groceries in you would have to open hundreds of doors, every single trip. And pray none of those doors ever get stuck when it's raining. Yes, you're a lot more secure. You're also spending so much time installing and dealing with your own security that you're not getting anything done. One door? Not a hassle. Apartment complex so you have two doors? A bit more of a hassle and that outer door seems to add a lot more hassle than it does security, but still, doable. Closed complex with locked buildings and locked offices? Three levels of security and it is a daily hassle. The more you have the worse it gets. If it's done right, you get false positives locking out files you need to work with. If it's done wrong, those false positives get through but they get through by using the security holes everyone has found because they need the holes to get their work done.
Working in an open environment is a lot more productive than working in a SCIF. The costs of a SCIF are a lot more than just the physical costs. The loss in productivity, the constant inspections/upgrades to make sure the system is up to current threats, the downtime during upgrades, all cost money. And corps have a bottom line too.
Tymeaus Jalynsfein
Jul 31 2010, 03:02 PM
QUOTE (Yerameyahu @ Jul 30 2010, 09:01 PM)
No, Tymeaus, I mean that any corp could easily have *hundreds* of layers, to the point that any hacking takes longer than physically rerouting the network; that is, literally unhackable. The ZO is only listed as having like 16, so no, I think it's right to say that no one is doing this.
And yet, I personally use three layers at home in real life... And the Corporation that I work for uses even more, throughout our infrastructure... So, If I work for a Corporation that would barely qualify as a "A" rated Corp in Shadowrun, and yet they employ a dozen layers of varying sophistication or so, what are the really big Corporations doing? My point is that it is not as large of a problem as you are making it out to be.
In game, my Hacker uses 3 Layers of Security on his personal Commlink Setup... Once I implemented that scheme, it dropped Successful Hacks to a minuscule amount. A minimal Corporation System probably has Hundreds/Thousands of Nodes within the System Layout, some of which will be layered and some which will not be layered (We have over 15,000 independent Nodes with a dozen, or so, massive Server Farms and 2 Independent Process Centers, and over 100 Remote Operations Centers in my Corporation for example). You put the security where it matters the most. We can isolate a system with little lead time, and yes, it makes it difficult to hack. That is why you sometimes need to be onsite rather than remote hacking...
Just because you do not think layered systems are workable does not mean that they aren't.
Layered Systems are a tradeoff between functionality and security... you put them in where it makes sense to do so...
Yerameyahu
Jul 31 2010, 03:06 PM
That's not at all what I said. I said they're vastly *too* workable.
Tymeaus Jalynsfein
Jul 31 2010, 04:17 PM
QUOTE (Yerameyahu @ Jul 31 2010, 09:06 AM)
That's not at all what I said. I said they're vastly *too* workable.
Oh, Sorry... Then Yes... They are...
Been a crazy week, so I apologize for the misunderstanding...
And I do think that they would be pretty prevalent in Shadowrun... They are prevalent now, so why would that change? The big difference in Shadowrun is that they will be more susceptible (in a lot of ways), because the paradigm had to change to allow Hackers to be a viable option for play. It sacrifices reality to allow fun... I am okay with that... even if there are some systems that overcompensate... it just makes it more of a challenge in my opinion.
At least at our table, many of the low-end systems are no longer much of a challenge, so we use the Autosuccesses rule and scale time based upon what we are looking for. In actual run scenarios, though, well, they don't hire us for the easy stuff, so we then use all of the complexity that the system allows. I like the mix personally.
Simon Kerimov
Jul 31 2010, 10:19 PM
Complicated Matrix topology aside, there is a fantastic reason to daisy chain your commlinks. I'll present a scenario.
Dodeckerhedron, a tricksy hacker, likes to daisy chain three nodes before getting to her PAN. Her PAN contains all of her subscribed links to the rest of her party's TacNet, so she wants to make sure that this is well protected. Let's call her nodes N1, N2, and N3. N1 is her central node, and N3 is the node that extends to the outside world. N2 is a router between N1 and N3.
Dodeckerhedron works from N3 to hack the outside world and subscribes an encrypted link to N2. N2 is running [System]-1 programs, one of which is an [Analyze] program that is scripted to do two and only two things. 1) Pay attention to [Response]. 2) If [Response] drops, there is an immediate physical hardware shutdown.
Why is this better than other uses of layering? Dumpshock, baby. Any hacker that has to come through the doorway falls into N2, which is the Matrix equivalent of a medieval murder-hole between the front gate and the inner gate.
suoq
Jul 31 2010, 10:44 PM
QUOTE (Simon Kerimov @ Jul 31 2010, 05:19 PM)
Dodecahedron, a tricksy hacker, likes to daisy chain three nodes before getting to her PAN. Her PAN contains all of her subscribed links to the rest of her party's TacNet, so she wants to make sure that this is well protected. Let's call her nodes N1, N2, and N3. N1 is her central node, and N3 is the node that extends to the outside world. N2 is a router between N1 and N3.
Dodecahedron works from N3 to hack the outside world and subscribes an encrypted link to N2. N2 is running [System]-1 programs, one of which is an [Analyze] program that is scripted to do two and only two things. 1) Pay attention to [Response]. 2) If [Response] drops, there is an immediate physical hardware shutdown.
Why is this better than other uses of layering? Dumpshock, baby. Any hacker that has to come through the doorway falls into N2, which is the Matrix equivalent of a medieval murder-hole between the front gate and the inner gate.
Question: Dodecahedron is hacking (i.e. is outside the front gate) and that murder hole gets activated, Dodecahedron also suffers from dumpshock, correct? Or am I missing something?
And is that an Analyze program or a low level agent? Do common use and hacking programs run scripts? (I realize the scenario makes sense, I'm just trying to figure out how the heck that works.)
Simon Kerimov
Jul 31 2010, 11:58 PM
QUOTE (suoq @ Jul 31 2010, 04:44 PM)
Question: Dodecahedron is hacking (i.e. is outside the front gate) and that murder hole gets activated, Dodecahedron also suffers from dumpshock, correct? Or am I missing something?
And is that an Analyze program or a low level agent? Do common use and hacking programs run scripts? (I realize the scenario makes sense, I'm just trying to figure out how the heck that works.)
Well, if you have three independent commlinks running, the middle node going down won't affect either of the other two.
As far as how to get the system set up, I would make a [LOG+Hardware] roll to install a photosensitive trigger (10) that is covering a small LED inside the commlink. The LED is on when [Response] >= X, and off when [Response] < X. Hacker comes in, [Response] drops, light blinks off, device is turned off.
Dumori
Aug 1 2010, 12:08 AM
QUOTE (Johnny B. Good @ Jul 28 2010, 07:12 PM)
Remember that if you're hacking from your main commlink that you get response degradation for each proxy in use. If you're hacking from a commlink on the outer edge of the chain, then what's the point of layering anyway?
Only if you are using them as "proxies" as in making all traces end there and getting the +4 dice to protect against a trace. If the link is transparent then no degradation and you're still defended.
suoq
Aug 1 2010, 12:23 AM
QUOTE (Simon Kerimov @ Jul 31 2010, 05:58 PM)
Well, if you have three independent commlinks running, the middle node going down won't affect either of the other two.
You've lost me.
[N1 The node she's starting from where all her software is]--[N2 router]--[N3 connection to outside world]--[N4+ Outside world. Where she is right now]
becomes
[N1] [N3]-[N4+]
How is this not dumpshock (same as Crash Node)? With no N2, shouldn't she be booted (and HARD) from N3 and N4? What am I not understanding?
Simon Kerimov
Aug 1 2010, 12:25 AM
QUOTE (suoq @ Jul 31 2010, 06:23 PM)
You've lost me.
[N1 The node she's starting from where all her software is]--[N2 router]--[N3 connection to outside world]--[N4+ Outside world. Where she is right now]
becomes
[N1] [N3]-[N4+]
How is this not dumpshock? With no N2, shouldn't she be booted (and HARD) from N3 and N4? What am I not understanding?
I guess she would have to be using N2 and N3 as proxies, which does hurt the utility of my trap. I'll have to think up something more devious.
Tymeaus Jalynsfein
Aug 1 2010, 01:55 AM
QUOTE (Simon Kerimov @ Jul 31 2010, 04:58 PM)
Well, if you have three independent commlinks running, the middle node going down won't affect either of the other two.
As far as how to get the system set up, I would make a [LOG+Hardware] roll to install a photosensitive trigger (10) that is covering a small LED inside the commlink. The LED is on when [Response] >= X, and off when [Response] < X. Hacker comes in, [Response] drops, light blinks off, device is turned off.
Actually, if they are set up as indicated, with the 2nd one connecting the other two together in series, when the 2nd one goes down, both are dumpshocked... The incoming Hacker is shut down while in the 2nd node (Hopefully), and if the Owner is using the 3rd (Outer) link and is doing his thing (Assuming he is VR of course), connected through the other 2... at some point, he will be dumped when the 2nd link goes offline unless he has taken other precautions, and honestly, if that is the case, it is possible an intruder could hack those options themselves.
But you have seen that already, so no problems...