comStar Firewall alert - PhaseThrough

Recommendations

Info

systeM security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 by the owner. It can make its own decisions about prioritization, or it can be given a priority list. It appears in the Matrix as a white bird wearing a traditional nurse’s hat. Loaded Programs: Medic watanabe electric kitsune This program takes the form of an anthropomorphic fox with configurable gender and outfits. Its task is to politely greet icons as they enter a node and help direct them to the appropriate resources. It also performs a Matrix Perception Test on every icon that enters, and continues to check icons while idle, starting with the least recently Analyzed. If it finds an icon that lies outside of the parameters with which it is configured, it triggers an active alert. Loaded Programs: Analyze SYSteM topoLogY Another way to secure a system is by putting it together in a way that is easier to secure. Much the same way that castles and secure facilities have physical configurations of walls and entry points that are more easily defended than others, Matrix systems can be built with security in mind. tipS and trickS Security is not merely statistics and Matrix attributes. A system can be protected by a strong combination of policies, procedures, and topologies. The strategies and tactics offered below are just a small sampling of the expert spider’s bag of tricks. Backups and More Backups One simple way to protect important files and programs is to make copies on a recurring basis and store them in an encrypted and/or protected archive. By comparing the current programs and files to the backups at regular intervals (from once a week for lowsecurity systems up to every hour for high-security), a spider or agent can detect backdoors, viruses in programs, and altered files. The damaged files and programs can then be fixed by overwriting undesirable icons with the backups. chokepoints The less a spider has to monitor, the easier it is for him to secure. Networks of nodes need more resources for security than a single node. One way to limit the vulnerability of a large network is to allow only one or two nodes that act as gateways to the rest of the system. The rest of the nodes in the network are then kept behind wirelessimpeding materials or are linked by fiber optic cables and have no wireless capability at all. Much like a checkpoint in a real-world facility, when all traffic enters at a single point, a spider can keep the network secure by monitoring only those nodes that have outside access. This does not prevent an attack from within the system, usually executed by physically entering the facility that the network serves and accessing inner nodes directly. This falls under the spider’s physical duties, along with those of the physical security of the facility. communication protocols A good spider remembers to secure the most vulnerable part of her system: the users. The strongest Firewall and IC in the world are no match for an idiot employee with clearance, and a good hacker knows it. A spider can put into place certain rules of communication to be followed by the users in a facility to help protect against a social engineering attack. For example, a shadowrunner might make a commcall into a facility posing as a high-level executive in order to steal a passcode from a night clerk. If that clerk is aware of a policy in place that states that no management will ever call except on certain lines, or that they will use certain code words when making such calls, the chances that the clerk will divulge sensitive information is drastically reduced. cryptosense Sculpting Though unusual, some systems use cryptosense simsense data in their system sculpting—sensory data such as ultrasound, thermographic, etc. A user who does not have a proper cryptosense module (p. 196) and who does not possess that physical sense will not be able to interpret the data. This will not prevent a hacker from making Matrix operations, but the lack or confusion of sensory details might inflict a –1 dice pool modifier to some actions (gamemaster’s discretion). Use of a reality filter will override cryptosense data. decoys Decoys are files and nodes that appear to be more dangerous than they actually are. By running a Stealth program that targets a file, a node can make that file appear to be larger or smaller, Unwired Simon Wentworth (order #1132857) 9
filled with a high-rating Data Bomb, archived with strong IC, or anything else a spider can invent. The node can also use Stealth on itself, masking its true Matrix attributes, running programs, or other pieces of information normally garnered by a Matrix Perception Test. When a node is using a decoy, the gamemaster should roll an Opposed Test, per the normal Matrix Perception Test rules involving Stealth (p. 217, SR4). If the observer gains no net hits, she instead receives one piece of fictional information that the Stealth program is configured to give. This technique may only be used with files and nodes. Decoys can be especially effective when used with a honeypot. Honeypot A honeypot is a file or node that appears to be valuable to an attacker, but in fact is a trap set to lure intruders. All of the personnel that have genuine access to the system are aware of the honeypot’s true nature, and are instructed to leave it alone. This means that any icon that attempts to access the honeypot is likely to be an intruder. Honeypots are usually implemented in two ways, either as a decoy masquerading as an important file or node, or a ruse that appears to be a weak spot in the system’s security. A decoy is usually only visible to security or admin accounts and encrypted, attached to a Data Bomb, or otherwise protected by security measures reserved for important files and nodes, to support the deception. As a ruse, they honeypot has low security and is used either as an indicator or a diversion into a non-critical node designated for such uses, often filled with IC or spiders. In either case, the honeypot is often placed where a hacker can find it. Honeypots are often used in conjunction with patrolling IC that are scripted to watch for icons accessing the honeypot. A more advanced form of this strategy uses several honeypots that all appear identical to the actual important node or file, forcing an intruder to guess which is truly valuable and which is a trap. Layered access A spider can use an “onionskin” approach to security. In this method, the network is configured to have multiple gateways, each leading to the next. Unless the attacker can access the target node directly, she will be forced to work her way into a desired target one node at a time, slowing the attack and giving the system a chance to defend itself. Limiting account privileges Employees at a secure physical facility are not allowed to be in areas to which they do not require access as part of their jobs. Likewise, users in a secure system should not have access to actions that are not critical to their performance. A simple way to do this is to deny lower account levels the ability to do certain things, such as see some or all of the files or subscriptions in the node, making or accepting commcalls, running certain programs, etc. Likewise, accounts are often watched and/or restricted in terms of how many connections may be logged into them at a particular time. In this setup, the system assumes that if two or more entities are logged in under the same account, one of them is a hacker. This security feature is tempered by the fact Unwired that many users run autonomous agents, and these agents usually have access to their accounts. Nevertheless, some spiders configure their systems to automatically refuse any account login after the first, to closely scrutinize multiple logins, or at least limit simultaneous logins to a small amount in order to deter bots and malware. passkey checking A system that uses a passkey system will initiate an alert when the access log shows the activities of a user that does not have a proper passkey, usually (System) Combat Turns after the start of the hacker’s intrusion. For many governments, corporations, and other entities that have spent serious budget on a passkey system, this is not soon enough. Adding patrolling IC or spiders, specifically Analyzing icons for the proper passkey, is good for shortening intrusion times to a few seconds, if that. See Passkeys, p. 64. protected access Log The access log does not offer much in the way of protection for a node, but it can help track down intruders after the fact. Disallowing the ability to see, read, or edit the access log to accounts below admin will help protect it against hackers. Another possibility is to Encrypt the log, if the node has the processing power to spare; this will only slow an attacker, however. Yet another possible but unwieldy solution is to store the access log in another node. This requires a dedicated link and node access on the other node, but might confuse an intruder enough to keep the data that the system collects about him. rebooting Shutting down a device and allowing it to reboot will remove an intruder from a node with a Complex Action. In fact, it will remove all users from the system at the end of the Combat Turn in which the Reboot was initiated. The system then begins to start up again the following Combat Turn (see Reboot, p. 221, SR4). However, it is not always feasible to reboot a node, even for a few seconds. Marketing computers, security control nodes, medical mainframes, Matrix traffic hubs, corporate work servers, and military analysis devices are all machines that have critical applications that require the system remain up and running. A system can be set to automatically reboot when an active alert is initiated, whether it be by the Firewall, IC, or a user with appropriate account access. This is not always desirable, and many systems leave the decision to reboot in the hands of a spider. High-priority nodes disable the rebooting option completely, and can only be rebooted by physically disconnecting the power from the hardware. remote Spider Having a spider on-site ensures that a system has a living person available and (usually) in the node, ready to handle security breaches. However, many spiders choose to work remotely. This allows them to confront intruders without the vulnerabilities that can be associated with an opponent in one’s node of residence (for example, if an intruder successfully hacks into a node and gains Simon Wentworth (order #1132857) 9 73 systeM security . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Page 1 and 2:
TM Simon Wentworth (order #1132857
Page 3 and 4:
Simon Wentworth (order #1132857) 9
Page 5 and 6:
Malware 86 Agents 87 Botnets 88 the
Page 7 and 8:
JackPoint StatS___ 57 users current
Page 9 and 10:
Page 11 and 12:
AR transmissions are so easy to eav
Page 13 and 14:
And I’m even happier when I can i
Page 15 and 16:
tHe aUgMented worLd The augmented w
Page 17 and 18:
people started cobbling together re
Page 19 and 20:
While the cheaper commlinks are onl
Page 21 and 22:
Matrix criMeS > I’ve downloaded a
Page 23 and 24: “protection rackets” against vi
Page 25 and 26: a general agreement that in order t
Page 27 and 28: Now, to operate in the sprawl, you
Page 29 and 30: capabilities and resources to do it
Page 31 and 32: popULar SoUSveiLLance videoS knight
Page 33 and 34: drug treatments during incarceratio
Page 35 and 36: Simon Wentworth (order #1132857) 9
Page 37 and 38: of more than one sprite at a time.
Page 39 and 40: intuitive Hacking Cost: 5 BP A char
Page 41 and 42: tweaking tHe rULeS Gamemasters and
Page 45 and 46: ‘link will s-l-o-w d-o-w-n, big t
Page 47 and 48: gram and a massive amount of time (
Page 49 and 50: . . . Matrix topoloGy . . . Hex was
Page 53 and 54: track programs are not able to dete
Page 55 and 56: node attributes like a metaphor or
Page 57 and 58: datatrail Every interaction on the
Page 59 and 60: a castle could represent a control
Page 61 and 62: Simsense can also be used for exper
Page 65 and 66: with their image links is an expens
Page 67 and 68: To avoid detection, the hacker can
Page 69 and 70: aLertS Another important line of de
Page 71 and 72: B A R S C I L W ESS 3 2 3 2 3 4 4 3
Page 73: encryption on the access log of the
Page 77 and 78: You also need to choose the Matrix
Page 79 and 80: Sculpting: The node looks a lot lik
Page 81 and 82: Hardware: Saeder-Krupp Schwermetall
Page 85 and 86: Don’t call me a script kid Don’
Page 87 and 88: ight commands to bring those things
Page 89 and 90: drivers on my commlink before I tur
Page 91 and 92: what it sounds like: two or more ha
Page 93 and 94: Yep. You can also stick malware int
Page 95 and 96: gaMe inforMation The Hacker’s Han
Page 97 and 98: paYdata General rules for fencing p
Page 99 and 100: Pistons is researching the NeoNET A
Page 101 and 102: Spoofing commands from a user with
Page 103 and 104: to Mook or not to Mook? For some ch
Page 105 and 106: Issuing commands to a smartgun thro
Page 107 and 108: igger trickS Like hackers, riggers
Page 111 and 112: Server-Side prograMS Server-side pr
Page 113 and 114: cess (even if the agent tries to ha
Page 115 and 116: worms). To match the opposition, ho
Page 117 and 118: Mute Program Types: Common, Hacking
Page 119 and 120: temporary degradation can be restor
Page 121 and 122: advanced prograMMing taBLe Software
Page 123 and 124: prone to degradation. This is in pa
Page 125 and 126:
dataworms Dataworms are a stealth t
Page 127 and 128:
military and police units, professi
Page 129 and 130:
them and plot them on a three-dimen
Page 131 and 132:
. . . technoMancers . . . The secur
Page 133 and 134:
Page 135 and 136:
attuning to a particular part of th
Page 137 and 138:
advanced tecHnoMancer rULeS The rec
Page 139 and 140:
Streams are still evolving and are
Page 141 and 142:
info Savants Fading: Intuition + Re
Page 143 and 144:
experience, induced by unfiltered e
Page 145 and 146:
don’t have to be strictly technom
Page 147 and 148:
new ecHoeS The following section ex
Page 149 and 150:
Sift Technomancers who possess this
Page 151 and 152:
Neuroleptic: This widget creates a
Page 153 and 154:
make are geared towards someone wit
Page 155 and 156:
Page 157 and 158:
Pilot Response Firewall Matrix INIT
Page 159 and 160:
traceroUte taBLe Subject Interacts
Page 161 and 162:
• It may raise one complex form i
Page 163 and 164:
. . . Matrix phenoMena . . . It’s
Page 165 and 166:
Page 167 and 168:
gaMe inforMation This section provi
Page 169 and 170:
(plus an additional box if the AI h
Page 171 and 172:
known aiS These are but a few examp
Page 173 and 174:
Uv nodeS—at tHe edge of reaLitY I
Page 175 and 176:
is something larger beyond the curt
Page 177 and 178:
the realm where the source code was
Page 179 and 180:
infektors The Infektors’ ultimate
Page 181 and 182:
corrupting it into a temporary diss
Page 183 and 184:
Pilot Response Firewall Matrix INIT
Page 185 and 186:
Page 187 and 188:
former prematurely and leave them o
Page 189 and 190:
playback gear On the most basic lev
Page 191 and 192:
y default can be used repeatedly an
Page 193 and 194:
to explain the missing time. Also,
Page 195 and 196:
compartmentalized pieces of informa
Page 197 and 198:
. . . Matrix Gear . . . Glitch was
Page 199 and 200:
Page 201 and 202:
eLectronicS Electronics follow all
Page 203 and 204:
Hacker ServiceS See Buying a Better
Page 205 and 206:
Software Suites Availability Cost H
Page 207 and 208:
SaMpLe nodeS (cont.) . . . . . . .
Page 209 and 210:
SaMpLe SpiderS (cont.) Security tec
show all

comStar Firewall alert - PhaseThrough

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?