comStar Firewall alert - PhaseThrough

Recommendations

Info

systeM security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 optionaL rULe: draMatic encrYption As a gamemaster, you may wish to use an encrypted file or node as a story hook or a plot device. With the state of cryptography what it is in the 2070s, encryption presents a very low bar for players. Fortunately, there exist unique and particularly arcane encryption methods that represent either bleeding-edge research or ancient techniques that cannot be easily cracked by computers. These methods can only be decrypted under special circumstances, such as only in a certain place, using information from a particular object, only after finding all parts of a file, or simply after an inordinate amount of time. The details of such methods, including availability and frequency, are determined by the gamemaster. side of the link must be running Encrypt. There is no advantage if both connected nodes are running Encrypt, except that the highest rating of the two programs is used. Initiating signals encryption requires a Simple Action by each node, but no further action is needed to encrypt or decrypt data sent along the link until the encryption is disabled or the link is severed. Encrypted connections take up a subscription slot (see Subscriptions, p. 55). file encryption Files can be encrypted with a Simple Action, using the Encrypt program. When encrypting a file, a user may include more than one file, to create a single encrypted archive file containing several smaller files. A user may also include a Data Bomb program within the archive file. When doing so, the user also determines the conditions by which the Data Bomb will not activate (usually when it is decrypted using the key rather than by use of Decrypt) and whether or not the Data Bomb will destroy some, all, or none of the files within the encrypted archive. An encrypted archive may contain only one Data Bomb. See Data Bomb, p. 226, SR4. Additionally, a user may include an IC program (which may in turn be loaded with other programs) in an encrypted archive file. During this process, the user configures the IC’s behavior when the archive is decrypted, usually including a clause that keeps the IC from activating if the proper key is used. Barring instructions to the contrary, the included IC automatically loads into the node in which the archive file is decrypted. Only one IC program may be included in an archive file. The presence of a Data Bomb or IC can be detected with a successful Matrix Perception Test performed on the archive file. node encryption An entire node can be encrypted as an extra layer of security. An encrypted node can normally only be accessed by a user that has the correct key. A hacker may Decrypt the node, after which she can access it, as can anyone else with whom she shares the Decrypted key. The node must have an Encrypt program running, which counts against its program count for Response reduction. Encrypting a node does not automatically also encrypt subscriptions to or from it or files within it. Encrypting a node requires a Simple Action. Strong encryption While cryptanalysis is far stronger than encryption these days, it is possible to slow down an attacker more than standard encryption can. Doing so takes a large amount of processing power and time, and is considered by some hackers to be not worth the extra effort. When using strong encryption, the user needs the Encrypt program, as with normal encryption. The amount of time taken to perform the strong encryption then becomes the interval for an attacker’s Decryption Extended Test (p. 225, SR4). The longest period to which the interval may be increased is one day; beyond twenty-four hours, the encryption suffers from dramatic diminishing returns. Strong encryption may not be used for signals encryption. dynamic encryption It is possible to perform continuous re-encryption by monitoring a decryption attempt and adjusting the encryption algorithm accordingly. Doing so does not make the encryption safe, but it can delay an attacking hacker. Like strong encryption, dynamic encryption takes extra time and processing power. It has the additional disadvantage that it requires awareness of an attacker for it to be effective. Dynamic encryption is only effective against an attacker that has been detected with a Matrix Perception Test and that is currently decrypting a link, file, or node. The user makes an Opposed Computer + Encrypt Test against the attacker’s Electronic Warfare + Decrypt; for every net hit on this test, the threshold for the attacker’s attempt to break the encryption is increased by one. This requires a Complex Action. The extra threshold applies only to the attacker against which it is directed. The attacker may clear the threshold penalty by restarting his decryption attempt, but this causes him to lose any hits already accumulated against the encryption. Once an attacker has fully decrypted a subscription, node, or file, this technique may no longer be used. Dynamic encryption is not compatible with strong encryption. decryption Most of the time, encrypted subscriptions, files, and nodes are decrypted with a key. Often they are decrypted by hackers who crack the encryption with the Decrypt program. Using the Decrypt program requires a Complex Action to start the process, but thereafter the program continues the Extended Test (p. 225, SR4) autonomously. Once a file is decrypted by any user, it remains decrypted, but when a subscription or node is decrypted by a user, it remains decrypted only for that user. However, the encryption may be re-instated under certain circumstances: Signals encryption may be restored by closing the subscription (a Log Off action), re-establishing the subscription (a Log On action), and then re-encrypting the subscription (a Simple Action from each side of the link). File encryption is restored merely by encrypting the nowdecrypted file. Node encryption is restored by rebooting the node (a Complex Action, plus boot time), and re-encrypting it (a Simple Action). Unwired Simon Wentworth (order #1132857) 9
aLertS Another important line of defense in any system is the intruder alert. A node under an active alert is “aware” of a specific access ID that has hacked or is trying to hack his way into the system. If a system is made up of multiple nodes, an alert in one node puts all nodes on alert against the same intruder. A node on alert gains a +4 bonus to its Firewall against the intruder specified in the alert. Additionally, all privileges involving the node itself (such as deactivating programs or agents, rebooting, editing files, etc.) are no longer automatically allowed to the trespasser, who must either use the Hacking skill to perform such actions or Spoof a command from a legitimate user that still has her permissions intact. The young hacker, /dev/grrl, has hacked herself an admin account, but she glitches on a roll and an active alert ensues. While she normally would have been able to Edit the node’s access log without rolling, she now must make an Opposed Hacking + Edit Test against the node’s Firewall + System to do so. An alert is most often automatically triggered by a node’s Firewall. Additionally, any user, agent, or IC with a security or admin account may initiate an alert against an intruder with a Free Action. When an alert is triggered, a node executes its alert response configuration (see below). alert response configuration One of the most important duties of the spider is configuring the script that a node automatically runs when an active alert Unwired is initiated. The script is called the alert response configuration (ARC). The ARC is automatically executed the moment the alert is triggered. Unfortunately for the spider, the response a node can offer on its own is limited; system software is not designed to handle intrusion, and relies on spiders and IC. A node will execute its ARC only once per active alert triggered, and it will only run it against the icon that triggered the alert. The spider has a number of options when configuring the ARC, but may only choose one. If a node’s ARC is not known, or needs to be generated randomly, use the Random Alert Response table, p. 223, SR4. Launch IC: With this configuration, the node immediately runs one IC program. The particular program that is launched is chosen by the spider when the ARC is configured. Scramble Security Hacker: When an alert is initiated with this configuration, the node will contact one designated spider or security hacker specialist (chosen in advance) and report the alert. It will also automatically log the spider or hacker onto the node, opening a subscription; this does not require a Log On action by the hacker. Terminate Connection: The node immediately makes a single attempt to log the attacker out of the system (see Terminate Connection, p. 223, SR4) when the alert is activated. When this test is made, the +4 bonus to Firewall against the icon bearing the access ID of the one that triggered the alert is included in the dice a Brief HiStorY of crYptograpHY While cryptography has been studied since ancient times, the mathematical science of finding strong encryption techniques and ways to attack them really took off during World War II. In the following decades, a number of strong encryption algorithms were developed. Attacks on these methods were difficult, and most required far longer than a metahuman lifetime to perform. Encryption was a safe and reliable way to secure information. Then, in 2065, a researcher at the Universität Stuttgart named Heinrich Andrews published an academic paper on a new method of attacking encryption. The paper described a technique that utilized the computational power of the latest generation of processors along with a breakthrough mathematical algorithm. It seemed that encryption techniques were no longer as secure as they once were. Despite attempts by various corporate and government agencies to suppress it, Dr. Andrews’s paper was circulated quickly around the Matrix shadow community. Shortly thereafter, a new generation of Decrypt programs hit the Matrix, all using the freshly dubbed “Heinrich Maneuver” to speed up cryptanalysis attacks. Research into newer and stronger encryption continues, but there have as yet been no new developments. For now, at least, the days of reliable encryption are gone. Simon Wentworth (order #1132857) 9 67 systeM security . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Page 1 and 2:
TM Simon Wentworth (order #1132857
Page 3 and 4:
Simon Wentworth (order #1132857) 9
Page 5 and 6:
Malware 86 Agents 87 Botnets 88 the
Page 7 and 8:
JackPoint StatS___ 57 users current
Page 9 and 10:
Page 11 and 12:
AR transmissions are so easy to eav
Page 13 and 14:
And I’m even happier when I can i
Page 15 and 16:
tHe aUgMented worLd The augmented w
Page 17 and 18: people started cobbling together re
Page 19 and 20: While the cheaper commlinks are onl
Page 21 and 22: Matrix criMeS > I’ve downloaded a
Page 23 and 24: “protection rackets” against vi
Page 25 and 26: a general agreement that in order t
Page 27 and 28: Now, to operate in the sprawl, you
Page 29 and 30: capabilities and resources to do it
Page 31 and 32: popULar SoUSveiLLance videoS knight
Page 33 and 34: drug treatments during incarceratio
Page 35 and 36: Simon Wentworth (order #1132857) 9
Page 37 and 38: of more than one sprite at a time.
Page 39 and 40: intuitive Hacking Cost: 5 BP A char
Page 41 and 42: tweaking tHe rULeS Gamemasters and
Page 45 and 46: ‘link will s-l-o-w d-o-w-n, big t
Page 47 and 48: gram and a massive amount of time (
Page 49 and 50: . . . Matrix topoloGy . . . Hex was
Page 53 and 54: track programs are not able to dete
Page 55 and 56: node attributes like a metaphor or
Page 57 and 58: datatrail Every interaction on the
Page 59 and 60: a castle could represent a control
Page 61 and 62: Simsense can also be used for exper
Page 65 and 66: with their image links is an expens
Page 67: To avoid detection, the hacker can
Page 71 and 72: B A R S C I L W ESS 3 2 3 2 3 4 4 3
Page 73 and 74: encryption on the access log of the
Page 75 and 76: filled with a high-rating Data Bomb
Page 77 and 78: You also need to choose the Matrix
Page 79 and 80: Sculpting: The node looks a lot lik
Page 81 and 82: Hardware: Saeder-Krupp Schwermetall
Page 85 and 86: Don’t call me a script kid Don’
Page 87 and 88: ight commands to bring those things
Page 89 and 90: drivers on my commlink before I tur
Page 91 and 92: what it sounds like: two or more ha
Page 93 and 94: Yep. You can also stick malware int
Page 95 and 96: gaMe inforMation The Hacker’s Han
Page 97 and 98: paYdata General rules for fencing p
Page 99 and 100: Pistons is researching the NeoNET A
Page 101 and 102: Spoofing commands from a user with
Page 103 and 104: to Mook or not to Mook? For some ch
Page 105 and 106: Issuing commands to a smartgun thro
Page 107 and 108: igger trickS Like hackers, riggers
Page 111 and 112: Server-Side prograMS Server-side pr
Page 113 and 114: cess (even if the agent tries to ha
Page 115 and 116: worms). To match the opposition, ho
Page 117 and 118: Mute Program Types: Common, Hacking
Page 119 and 120:
temporary degradation can be restor
Page 121 and 122:
advanced prograMMing taBLe Software
Page 123 and 124:
prone to degradation. This is in pa
Page 125 and 126:
dataworms Dataworms are a stealth t
Page 127 and 128:
military and police units, professi
Page 129 and 130:
them and plot them on a three-dimen
Page 131 and 132:
. . . technoMancers . . . The secur
Page 133 and 134:
Page 135 and 136:
attuning to a particular part of th
Page 137 and 138:
advanced tecHnoMancer rULeS The rec
Page 139 and 140:
Streams are still evolving and are
Page 141 and 142:
info Savants Fading: Intuition + Re
Page 143 and 144:
experience, induced by unfiltered e
Page 145 and 146:
don’t have to be strictly technom
Page 147 and 148:
new ecHoeS The following section ex
Page 149 and 150:
Sift Technomancers who possess this
Page 151 and 152:
Neuroleptic: This widget creates a
Page 153 and 154:
make are geared towards someone wit
Page 155 and 156:
Page 157 and 158:
Pilot Response Firewall Matrix INIT
Page 159 and 160:
traceroUte taBLe Subject Interacts
Page 161 and 162:
• It may raise one complex form i
Page 163 and 164:
. . . Matrix phenoMena . . . It’s
Page 165 and 166:
Page 167 and 168:
gaMe inforMation This section provi
Page 169 and 170:
(plus an additional box if the AI h
Page 171 and 172:
known aiS These are but a few examp
Page 173 and 174:
Uv nodeS—at tHe edge of reaLitY I
Page 175 and 176:
is something larger beyond the curt
Page 177 and 178:
the realm where the source code was
Page 179 and 180:
infektors The Infektors’ ultimate
Page 181 and 182:
corrupting it into a temporary diss
Page 183 and 184:
Pilot Response Firewall Matrix INIT
Page 185 and 186:
Page 187 and 188:
former prematurely and leave them o
Page 189 and 190:
playback gear On the most basic lev
Page 191 and 192:
y default can be used repeatedly an
Page 193 and 194:
to explain the missing time. Also,
Page 195 and 196:
compartmentalized pieces of informa
Page 197 and 198:
. . . Matrix Gear . . . Glitch was
Page 199 and 200:
Page 201 and 202:
eLectronicS Electronics follow all
Page 203 and 204:
Hacker ServiceS See Buying a Better
Page 205 and 206:
Software Suites Availability Cost H
Page 207 and 208:
SaMpLe nodeS (cont.) . . . . . . .
Page 209 and 210:
SaMpLe SpiderS (cont.) Security tec
show all

comStar Firewall alert - PhaseThrough

Create successful ePaper yourself

Delete template?

Save as template?