Full Version: How to Secure your PAN
sabs
This has been discussed briefly in several threads, and we started talking about it again in the Stick and Shock thread.

So, I decided to break it apart.

How should a shadowrunner have their PAN configured? How many commlinks should he be using and what should they be doing?

A shadowrunner who has:
smart gun(s)
sensors
cyberware
Image Enhancements
Cyber eyes or contacts/glasses/goggles, ear buds, sub voc mic

How does he protect those from combat hacking?

You still only have 1 set of DNI.
How do you split your smartlink and imagelinks?
How do you deal with cybereyes and ears?

Do you have 1 commlink, with everything skinlinked to it. And you fill your commlink with a rating 6 firewall, rating 6 system, and a Kitsune IC?
Do you have multiple commlinks, including one that has wireless turned off? What do you slave to which commlink in that case?

Thoughts? Concepts?
KarmaInferno
It's really, really simple.

Wireless off. Period.

You have your first commlink set with no wireless at all running your PAN, hardwired. Runners will probably be the last people in the world to still have fiber optic wires snaking through their clothing. It's archaic and old fashioned for the era but you can't wirelessly hack something that has no wireless.

You have a second Commlink set in Hidden mode running your team communications and anything else that absolutely requires wireless capacity. This commlink NEVER connects with the first one. At most, if you need to transfer data, you physically use a data chip to do so.

You have a third Commlink set in Public mode that you can switch on and off as needed. This is a decoy.

You have backup equipment just in case any of these gets compromised.

If you really want to, and are just wanting to protect your comms rather than trying to hack other people, you can daisy-chain a few wireless-off commlinks in your second set, with only the end unit having wireless. Load up the intervening Commlinks with max rating defensive stuff and have them continually run Analyze, set to shut off the Commlink the moment they detect an intruder.



-karma
suoq
I believe, but need to hunt through the rules, that an agent on that commlink gets to add his rating to the firewall's rating.

I'm unaware of any reason you can't run firewall 6 on all of your devices, all the way down to the cybereyes. Do you need to buy those firewalls separately?

Edit: Correct me if I'm wrong but "Wireless off. Period." means no tacnet, ever. Correct? I'm also assuming that it just isn't feasible for hackers and riggers.
Yerameyahu
That doesn't sound right, suoq.

Personally, all that non-wireless is just too annoying. But it certainly works, if that level of security is needed in your game.

Indeed: the whole point of SR4 is being able to share all your data with all your people *right now*.
CanRay
QUOTE (suoq @ Sep 10 2010, 09:17 AM) *
Do you need to buy those firewalls separately?

Unless you crack the copy protection. And then you're probably not as likely to get the updates you need, which means it will degrade right quick!
KarmaInferno
QUOTE (suoq @ Sep 10 2010, 10:17 AM) *
Correct me if I'm wrong but "Wireless off. Period." means no tacnet, ever. Correct? I'm also assuming that it just isn't feasible for hackers and riggers.


I meant that any equipment you have that has no business being connected outside your PAN should be isolated from the Commlink that you use for communications.

Basically, you run three separate PANs. One non-wireless for your personal stuff that doesn't need wireless. One for your team comms/tacnet/etc. Third one is a decoy to make you look like Joe Q. Public.

There's no good reason for, say, your cyberarm to be publicly accessible to wireless hacking. If your cyberdoc needs to access the maintenance stuff, he can bloody well plug a cable in.


-karma
Dahrken
Wiring components for communication while secure is not a necessity. Skinlink gives you the same security, is easier to set up and less likely to attract undue attention, no plugs or cables.
Yerameyahu
Unless you want to be able to turn the pain signals on and off, and other (tiny, minor) tricks; best to skinlink or something, in that case. Still, *no* fun, hacking cyberware is classic cyberpunk. :( I guess you'd have to go in through their main node.
Dahrken
QUOTE (Yerameyahu @ Sep 10 2010, 04:37 PM) *
Unless you want to be able to turn the pain signals on and off, and other (tiny, minor) tricks;

That would work through the limb's DNI, no?
suoq
Can skinlink be added to everything? I'm thinking contacts/glasses/goggles/earbuds at the moment. What can and what can't be skinlinked?
Dahrken
The most important factor for skinlinking is "is the thing reliably in contact with my body?", including through a few millimeters of clothing. If the answer is "Yes", then skinlink is a possibility, as it does not really use up more space and use more power than a wireless interface.
Traul
QUOTE (KarmaInferno @ Sep 10 2010, 04:27 PM) *
Basically, you run three separate PANs. One non-wireless for your personal stuff that doesn't need wireless. One for your team comms/tacnet/etc. Third one is a decoy to make you look like Joe Q. Public.

It might not work for the tacnet: you need to feed it sensory input.
sabs
Alright, let's say you have 3 commlinks.
They all still need to access your DNI and/or your imagelink/smartlink.

You can't slave your contacts to all 3. You can subscribe your contacts to all 3, but it has to be a wireless connection.

If I hack your public commlink, and get into your glasses/contacts/cybereyes, or your DNI what can I do?
What can't I do?

KarmaInferno
QUOTE (Traul @ Sep 10 2010, 10:04 AM) *
It might not work for the tacnet: you need to feed it sensory input.


My "paranoid old man" merc character has an extra battery of sensors for that, and a set of glasses with imagelink rather than routing the data to his cybereyes.

:)

My rigger doesn't share the "no wireless" philosophy, she has software defenses instead.

Probably the main thing that differentiates the two worldviews is that my merc has minimal hacker skills and my rigger is really very good at it.



-karma
Triggvi
QUOTE (Dahrken @ Sep 10 2010, 02:51 PM) *
The most important factor for skinlinking is "is the thing reliably in contact with my body?", including through a few millimeters of clothing. If the answer is "Yes", then skinlink is a possibility, as it does not really use up more space and use more power than a wireless interface.

Skinlinking cyberware makes sense. His cyberdoc attaches a lead to the skin and he can access the cyberware in the person's body.
KarmaInferno
QUOTE (Dahrken @ Sep 10 2010, 09:37 AM) *
Wiring components for communication while secure is not a necessity. Skinlink gives you the same security, is easier to set up and less likely to attract undue attention, no plugs or cables.


Wouldn't have to be THAT obvious. Even today Scott-E-Vest makes clothing with built-in hidden cabling channels for routing wires around to various devices.

I personally envision a "network harness" or light vest that you wear under your jacket, like the harness for a pistol shoulder holster except with embedded wiring and attachment points & pockets for devices.

QUOTE (sabs @ Sep 10 2010, 10:20 AM) *
Alright, let's say you have 3 commlinks.
They all still need to access your DNI and/or your imagelink/smartlink.

You can't slave your contacts to all 3. You can subscribe your contacts to all 3, but it has to be a wireless connection.

If I hack your public commlink, and get into your glasses/contacts/cybereyes, or your DNI what can I do?
What can't I do?


Separate sensors & glasses for the wireless PAN. :)



-karma
Warlordtheft
3 Other Options:

Slave to master commlink which is well protected (though susceptible to spoofing, is a good way to get a tacnet up).
PAN and all attached devices set to signal rating of 0 and devices are then slaved.
Jammers: Kill the opposition's comms (downside, they know you're there).



sabs
QUOTE (KarmaInferno @ Sep 10 2010, 05:36 PM) *
Wouldn't have to be THAT obvious. Even today Scott-E-Vest makes clothing with built-in hidden cabling channels for routing wires around to various devices.

I personally envision a "network harness" or light vest that you wear under your jacket, like the harness for a pistol shoulder holster except with embedded wiring and attachment points & pockets for devices.



Separate sensors & glasses for the wireless PAN. :)



-karma


You can only wear 1 set of contacts, and 1 pair of glasses.
How do you separate out what you want, and what commlink is it on?
hobgoblin
QUOTE (KarmaInferno @ Sep 10 2010, 06:36 PM) *
I personally envision a "network harness" or light vest that you wear under your jacket, like the harness for a pistol shoulder holster except with embedded wiring and attachment points & pockets for devices.

here you go: https://www.urbantool.com/hq/holsters/show-businessholster2

several pockets for smartphones and other tech, and wire channels for headphones and such.
KarmaInferno
QUOTE (sabs @ Sep 10 2010, 01:55 PM) *
You can only wear 1 set of contacts, and 1 pair of glasses.
How do you separate out what you want, and what commlink is it on?


Well, my main SR character has cybereyes for all the non-wireless chatter, glasses or contacts for the wireless-required stuff. Contacts have to be wireless anyhow.

And "What commlink is it on" doesn't matter most of the time. Data is data. The only time it'd matter is if he was being hacked, and it's easy enough to just shut off the glasses/wireless comms for a moment to double check for that.


-karma
sabs
QUOTE (KarmaInferno @ Sep 10 2010, 08:31 PM) *
Well, my main SR character has cybereyes for all the non-wireless chatter, glasses or contacts for the wireless-required stuff. Contacts have to be wireless anyhow.

And "What commlink is it on" doesn't matter most of the time. Data is data. The only time it'd matter is if he was being hacked, and it's easy enough to just shut off the glasses/wireless comms for a moment to double check for that.


-karma


Well except you could be getting hacked and never know it.
Okay you have Cyber eyes, and Contact lenses and glasses.

Your cybereyes have image link, and smart link, and some other stuff. They're slaved to the commlink that's connected to your smartgun, and your cyberware via skinlink. This commlink has wireless turned off always.
You have contacts and glasses with a combination of stuff, including a 2nd imagelink, that's linked to a commlink with external matrix access.

What are your earbuds connected to?
Your subvoc mic?
And most importantly what are your electrodes/datajack, or implanted sim module linked to?

Do you have wired reflexes, or attention coprocessors? What is your DNI linked to?
Yerameyahu
DNI isn't linked to anything. It's Direct. Unless you're referring to something like trodes or datajack, which are DNI input/output devices (a different case).
sabs
It's confusing because there's a bunch of cyberware that talks about needing a separate DNI system implanted. And yet, nowhere in the game is there an actual DNI system to implant.
Yerameyahu
Really? I didn't notice that at all; a holdover from SR3?
sabs
QUOTE (Yerameyahu @ Sep 10 2010, 09:18 PM) *
Really? I didn't notice that at all; a holdover from SR3?

Could be, it's mostly in the descriptions of stuff from Augmentation
suoq
QUOTE (sabs @ Sep 10 2010, 02:13 PM) *
It's confusing because there's a bunch of cyberware that talks about needing a separate DNI system implanted. And yet, nowhere in the game is there an actual DNI system to implant.


SR4A pg 217
QUOTE
Direct Neural Interface (DNI): A connection between the brain’s neural impulses and a computer system, allowing a user to mentally interact with and control that system. DNI is conveyed by an implanted commlink, an implanted sim module, a datajack, or worn trodes.


Yerameyahu
Wow, that's… totally wrong. :D Apparently you need trodes just to use your cyberarm! Better add that to the Broken Rules thread. :(

However, I think a reasonable interpretation is that that sentence is providing examples of ways of getting a DNI; i.e., 'to get a DNI, you may wear trodes'. Most other implants requiring control (e.g., cyberlimbs) also provide their own separate DNIs. Crisis averted! ;)
hobgoblin
I suspect one could write a SR4 size book on the matrix rules alone and still people would be confused. The simple problem being the dense amount of info needed to be supplied in such a cramped space.
DireRadiant
QUOTE (sabs @ Sep 10 2010, 03:13 PM) *
It's confusing because there's a bunch of cyberware that talks about needing a separate DNI system implanted. And yet, nowhere in the game is there an actual DNI system to implant.


p. 338 "In addition to wireless functionality, most cyberware devices are equipped with a direct neural interface (DNI) that allows the user to mentally activate and control their functions."

Integral with cybernetic implants is the DNI.... you get DNI for free!
DireRadiant
QUOTE (sabs @ Sep 10 2010, 09:01 AM) *
How should a shadowrunner have their PAN configured? How many commlinks should he be using and what should they be doing.


There is no One True Way. Every system is different. If there was One True Way, then either no one could be hacked, or everyone could be hacked.

In general there are two classes of approach.

Static. Hidden PAN, or devices turned off, or skinlink everything so you have no wireless.

Active. Agent, Sprite, or friendly team TM or Hacker protecting your systems.

There is no single mechanical structure or network topology that wins.
suoq
QUOTE (DireRadiant @ Sep 10 2010, 03:50 PM) *
There is no One True Way. Every system is different.

Yes. But some ways suck less than others. A goal here is to find and understand some "Fairly Good Practices".

For example there is the "Run no wireless" method through a skinlink/implanted commlink, involving a separate commlink for broadcasting and matrix use micro-transceivers for verbal communication. No tacnet allowed, all rigger and hacking actions on a third hidden commlink. The goal here is stealth and security through quarantine.

There is also the secure tacnet method involving running the tacsoft on a System 6 Response 6 commlink along with the Three Musketeers Suite (71 unwired) and a level 6 firewall and making sure everyone's commlink has enough signal to stay in mutual range of that tacnet, slaving all the commlinks to the tacnet commlink, running firewalls on them and slaving all personal gear to your commlink and running encryption on everything. This is an expensive single point of failure that's about as obvious as the bat signal. The goal here is a moving fortress.

KarmaInferno is proposing a cross between the two, but while I get the concept, I'm having a hard time implementing it mentally. I dislike visual augmented reality coming in through two different sources. (Trying to picture it makes me start to feel motion sick.) And I keep getting confused as to what sensors are on the tacnet, what devices they run on, getting a bonus to hit from the tacnet when the smartlink isn't on the tacnet (rules wise it's legal, but it's simply not something I can believe in as a player), etc. I'd need to see a diagram and I think all that would do would be to lead people into attacking the diagram.

From these we can get some good practices:
1) High Response/System allows better IC (Unwired, pg 70) to be run.
2) High firewalls on all commlinks are a simple investment.
3) Skinlinks can be used to create a quarantined PAN that has no signal.
4) Have a public broadcasting commlink quarantined from the rest of your PANs. Combining that practice with #1 and #2 is even better.
5) Run your matrix actions (hacking/rigging) through another secure quarantined PAN.
6) If using a Tacsoft, sit down and design your tacnet, all the way down to the AR devices, the sense feeds, and the signal paths and ratings.
Dumpshock Forums © 2001-2012