Help - Search - Members - Calendar
Full Version: Curious questions
Dumpshock Forums > Discussion > Shadowrun
odei
1. Why would any security system be Matrix-accessible? I can't think of who would need to interface with a security host aside from the people who are in the building or area that it monitors.

2. Can a decker use the Control Slave operation to bypass a security door eqipped with keypads, cardreaders, etc?

A person working on-site would need to use their Electonics skills for such a task, but a decker seems to be able to use his Computer/Electronics average and then add hacking pool, giving deckers a really good advantage.

Please forgive me if these are dumb questions. I'm new here and I would understand that I'm an idiot. I've just started to incorporate decking into my runs and it doesn't all make sense.
shadd4d
1) Cost maybe. What if the site only has 1 host or two? For mom-n-pop getups, this is a cost answer. Isolating the server may cost more than it's worth to some corps. Of course, most security will use the CCSS, in my opinion. Rigger 3 states why one would use both a matrix and CCSS system.

2) If the device is hooked up to the matrix, then yes, a control slave would work the device.

Working on-site, you have to use electronics. Deckers can only use computer to crack the lock when they are in the matrix using control slave. Hacking pool is usable only in the matrix. If your decker is physically cracking the lock, he/she has to use electronics like everyone else.

OTOH, a good decker can rig up a jackpoint using the device and deck into the matrix from there.

Don
FXcalibur
QUOTE
OTOH, a good decker can rig up a jackpoint using the device and deck into the matrix from there.


How? I'm curious and don't have Matrix.
shadd4d
Again, it's in Matrix and VR 2.0. Essentially, you can use the electronics skill and a dataline tap to tap into a remote device and use it as a jack point. In fact, that can sometimes ease the trouble of having to get onsight and deck into the closed system. It's in the Matrix chapter labelled Jackpoints/Accessing the Matrix.

Matrix is a decent book and shows you all the changes from VR 2.0 to 3rd ed. It was a worthwhile purchase for me.

Don
Lantzer
I thought it was worth it just for the tables in the back.
RangerJoe
Another consideration for Matrix-controlled security is the notion of off-site security monitoring. Mom & Pop's Generic Store might want security monitoring, but not be able to pay for a full-time, on-site presence. The solution? Set up some cameras and some door alarms, and let Bob's Remote Security Services protect the joint. This is a great tactic to throw against your runners ("whaddaya mean I can't access the security system from this host?" "You didn't notice the little ADT sticker in the window. Sorry.")
nezumi
I don't see how you could NOT put a security system on the matrix unless you're a highly secure facility. Think about it:

1) You have to be able to call out for reinforcements. Small to moderate sized corps want to be able to call the star when things are out of hand, much less the fire station or doc wagon.

2) Telecommuting. It's only 2004 and I know half of our security officers telecommute on a regular basis. Its simply more cost efficient to have them do that, especially if you have several offices. You don't have to pay for as big a cubicle or care as much for their equipment, and you can divide them up among several facilities. They like it and work harder, and they won't complain when you ask them to put in a few extra hours.

3) Interconnectivity of systems. By virtue of having your phone lines play nice with your internet trunks with your work stations with your HVAC systems with your security systems with your (so on and so forth), you gain synergy, the key to making money in the '50's.

4) Distributed systems. This links in with telecommuting, as corps spread out, its essential that different systems that are separated by a geographic gulf be interconnected. It is not financially prudent to buy dedicated lines for this.

Security concerns aren't that great. You're only at risk of attack from the top 10% or so of hackers, the equivalent of Graduate level students and the like. Thats the same as how it is now. Yes, those select few can do some nasty damage, but the risks are far outweighed by the increased productivity.
Black Isis
I'm also of the opinion that most security systems should be isolated and off the Matrix -- that's the first, and often best, line of defense in computer security. In real life, highly secure institutions are not connected to the Internet, or if they are, they have a separate internal net for their secure computing, and generally have two computers on their desktop -- the insecure one and the secure one. Even where I work at a university, we keep machines that don't need to be on the internet isolated. As an example, we have a massive Linux computing cluster -- while the head node is on the internet, the compute nodes are only on a private net (and the head node has two ethernet interfaces -- one on the Internet, one on the private net). That's the way I would see most corporate systems. That "head node" is a gateway host locked down as securely as possible -- in Shadowrun terms, loaded with IC and watched by a security decker. Anyone on the inside is generally assumed to be a legit user because they are coming in from a local machine, so they had to get past whatever physical security there is.

You don't need to have your security backbone on the Matrix to call for reinforcements, unless you plan on having no security guards -- people are generally capable of using a computer and a telephone separately.

As to nezumi's point that you're only at risk from the top 10% of hackers....well, in Shadowrun, that seems to be the bigger problem. I would guess that the Matrix's equivalent of skript kiddies are brainfried (or deck-fried) within short order -- I suppose they are what the Matrix gangs from Target: Matrix are talking about.
Bigity
But IIRC, telecoms use the same lines as Matrix systems in SR. So, the call out can be blocked either way. Personally, I'd rather have my corp system handle that then the Seattle LTG or something like that.

As for having two seperate systems...well, that would cost crazy dollars, and I doubt none but the most powerful (rich) corps would use that setup and anything other then the most critical sites.

In modern terms, in order to keep your systems completely seperate, you would have to buy extra routers, switches, cables, hubs, everything. In 2060 terms, that has to be pricey, just like it is today. If a system is connected, even through a single computer (node), then it can be gotten to from the outside.

Mostly, I guess it's a compromise. How much hassle the corp wants to put up with to get the wage slaves working away, how much they want to spend on security (which has to be constantly updated..so two systems = twice as much work and cost), how to handle it when you need data from one system taken to the other (massive transfers I mean), and so on.
Black Isis
It's not really that pricey -- you're going to have to buy a switch or a router anyway. Putting it on an internal, unroutable network instead of an open one doesn't cost you any more. Hell, a lot of ISPs put clients on an unroutable network and then use VPN or NAT to let them out if they have to (saves on "real" IP address, which I would hope is not a real concern in Shadowrun, but it has some other advantages too).
TinkerGnome
Cyberpunk, as a genre, far predates the Internet. SR as a game predates it as well in any real way.

Your real world logic and analogies don't apply here.

In any case, most large facilities are CCSS now and don't bother with matrix based security.
Black Isis
Yes, yes, I know, but there's nothing wrong with introducing some real-world network design into Shadowrun. smile.gif I'm curious if anyone other than me is not a huge fan of sculpted systems (I think in my game everything will be a UMS standard, more like what Neuromancer describes).
odei
Thanks--great information. I wasn't previously aware of all the cost-prohibitive aspects of a security system. This will really help me.

However, I'm still curious about security doors.

When physically tampering with keypads/cardreaders/etc. the runner has to use their Electronics and Electronics B/R skills or employ the use of a sequencer/maglock passkey/etc. In either circumstance, they are given no dice pools to draw from, relying only on their skill rating or the rating of the equipment they choose to employ.

However, a decker can log on to the security host, Locate Slave and then Control Slave, and are allowed to roll their Computer skill plus Hacking Pool to open the door directly. They won't even necessarily trip any anti-tampering devices hooked up to the actual maglock.

I guess it makes sense since a decent deck and a hot utility are pretty pricey compared to a simple electronics kit, but it makes the Electronics skill pale in comparison so much that I wonder why you'd need the Electronics skill much at all if you have a properly outfitted deck. It's possible to jack into some security doors directly, right?
RedmondLarry
Security doors don't provide connections on the outside for people to hook up decks, sorry. If you're on the inside and can get into a wiring closet or device controller you may be able to connect a deck to the system.

Maglocks, keypads, eye scanners, voice comparisons are all devices that can be hooked up on the outside of a security door. The data from such a device is sent to a computer, and if the computer decides the input is correct it will issue commands to the device (door) to unlock itself. A decker who is controlling the computer can make it issue such a command without any input coming from the keypads, etc.
TinkerGnome
QUOTE (OurTeam)
Security doors don't provide connections on the outside for people to hook up decks, sorry.

Not on the outside of the device, no. Somewhere in the device is the termination of a piece of fiber that you can rig a dataline tap to. The difficulty of the task is virtually identical to just hotwiring the lock in the first place, though, so it's not that big a deal (security locks generally have anti-tamper circuits on the cases). Such vulnerabilities are why any modern systems (ie, post 2055 or so) are CCSS unless there's just no budget for it.

Check out SOTA:2063 for the updated rules on maglocks. R3 for the rules on CCSS.
Beast of Revolutions
Electronics B/R can be used to turn any matrix-connected device into a jackpoint. In 2060, this includes most security doors and vending machines. And CCSS are not very common, due to cost and the scarcity of riggers. Think of a building controlled by a CCSS as a giant vehicle, and you have an idea of the cost.
Necro Tech
As a hard core decker my self the reason the most things are still connected to the matrix is interconnectivity. You might keep an issolated research host but then no one can share the data. How can your various branches share info? Also, money can keep out all but the best hackers by using vanishing/teleporting Sans, virtual hosts, bouncing hosts and other wacky crap that a CCSS system can't match. With CCSS you have to buy two hosts and it leaves you totally issolated as far as info goes. With a decker squatting outside your telehub blocking your calls and a jammer getting the rest you are cut off. Matrix still means you can unleash your own deckers to BlackHammer the intruder into gelatinous paste.
Clyde
It may seem unfair that the character with the Electronics/Sequencer and Electronics B/R doesn't get a dice pool at all while the decker gets task pool, but it's not.

Hotwiring a maglock with a set of microtronics tool is a static test. You just hit a target number equal to the maglock's rating and it opens. One success is enough. You could do it with one die if you were lucky enough.

Decking, on the other hand, is an opposed test. The computer rolls its own rating (upwards of 10 dice in some cases) against the Decker's Detection Factor. Whoever gets more successes wins. The decker gets more dice, but of course he needs them because one die isn't enough. The decker may be facing a higher target number, too: the host system's Slave Rating minus his Spoof utility (I think, it's spoof). That's totally independant of the quality of the lock: a rating 1 lock is as hard as a rating 12 lock to the decker, who is manipulating the host and not the lock.

So it's fine for the decker to get a ton of dice in my opinion: he needs them and besides it's his or her brain on the line here. If the Samurai blows his roll he just whips out his ingram smartgun and the game gets interesting.
odei
Thanks. Everyone's so helpful... ;_;

I could read about this stuff all day.
hobgoblin
some small things i want to comment on:

that linux clusters head is going to be one hell of a target. take it over and you have full control of the cluster even tho its on a seperate subnet or protocol as you have compromized one computer in the network allready. as long as some hardware is shared you risk comprimize. same with vpn and nat. nice combo but you better be damn sure that there are no inbound ports open on the nat that isnt vpn, and those that are better damn well have good keys (preferably rotated at intervals). all your looking at is one compromized computer on the inside for the whole network to be under threat as the computer will act as a translator.

sure it will be only the top tier crackers that can do it but if corp secrets are st stake, are you willing to take that chance?

there are a ton of tricks in the matrix sourcebook, vanishing sans, chokepoints, virtual hosts. many of these is similar to what one can in fact see IRL. vanishing san? timed connection to the net, find a bug that lets the computer be confused and your on (like say getting in while the window is open and reset the clock somehow). chokepoint? firewall, just like any other firewall they have to let some signals past or you may as well pull the wire. and those signals can be used to fool the computer on the other side, basicly doing a bypass (ok so chokepoints are more like a linux/bsd box running firewall duty rather then a dedicated hardware solution with its own homegrown os). virtual host, chroot for all you unix people (basicly it sets up a enviroment that lets the server(s) run inside what looks like a very trimmed os but its realy just a os trick so it can be fooled if you know a bug or something like that).

i see a host as more then just a server box. its the total setup of the office. phone/network wireing, switching boxes, servers and dumb terminals (suns grid computeing/network is the computer marketing pitch anyone?). on to this you hook stuff like door locks and cameras (most likely running a kind of vpn internaly so that you can just sniff the camera stream) , control stations, printers and scanners/faxes++...

all this is seen as one single host to the matrix metaphor. every item have its own set of chips or software that tells the decks asist interface how it looks, acts and so on (most likely in a way similar to xml).

this just indicates why its cost prohibitive on all but the most high security systems to have a dedicated wireing for security when you can just hook a new camera into the existing cables and have it show up on the watching guards "hud" (remeber we are talking a simsense enabled world here).

there is allso the call for backup ability. lets say you have a research office in a diffrent part of town. its more costeffetive to onsite security call for backup from the main regional security pool then haveing people on duty all the time unless we are talking extrateritorriality areas. you punch the button on the security station and in short order a apc with guards will be rolling, just like how most places have security these days, passive or active systems that phone home when tripped. but this will mostly show up in a and aa corps or small office buildings and similar for aaa corps as a&aa corps more often rent knight errant or similar then have their own people that they train and equip, and aaa corps can have people on standby in their big offices and just fly or roll them over to the small place when needed. this leads to a smaller and more effective force as you dont have a lot of on station personel all the time (why have 10 guards at 5 diffrent locations when you can have 1-2 at these locations and 10 standing by to roll when the alarm goes?)

i guess the problem is that this is never realy shown in books like matrix and similar. did the old lone star book cover stuff like this?
GrinderTheTroll
My main piece of advice is to decide ahead of time whether security is accessible via. Matrix.

Everyone has made a good argument about yes or no, but who knows what the corp was thinking when they setup their security. Were there budget concerns? Shortage on personnel? Were some security items pre-installed prior to moving into the facility? Maybe a know bug or glitch, perhaps a "back-door" for runners to exploit?

It's easy to get mired up in making encounters too-real sometimes, I know I fall victim to it often. I make the situation fit my ideas.

Good luck.
Clyde
I tend to use mixed systems, with a combination of matrix linked and offline locks, alarms and sensors. It gives the corp the best of both worlds: a lot of centralized control, cost savings and information but the whole system doesn't open up if some decker gets in or the host goes down. From an out of game standpoint, it means that if the decker gets in and owns your system the run isn't just a cakewalk for the rest of the team: they'll have something to do and to watch out for regardless of how well the decking goes.
GrinderTheTroll
QUOTE (Clyde)
From an out of game standpoint, it means that if the decker gets in and owns your system the run isn't just a cakewalk for the rest of the team.

I tend to do the same, so when I throw an "easy" mission their way, they get more freaked out than the more complicated ones sometimes. biggrin.gif
booklord
The nastiest thing I ever did was to have a high-security facility with 2 security systems. One connected to the matrix and one not. The one connected to the matrix was a simulation and wasn't connected to the actual security systems at all with the exception of some receive only video feeds.
GrinderTheTroll
Now that's just evil. devil.gif

/makes note.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012