Shadowrun
Shadowrun General => General Discussion => Topic started by: Mechanized82 on <10-11-19/0846:59>
-
First off, I'm new here so hello, an also new to the Shadowrun world so still getting my bearings here but I have a question and I wanted to get some opinions.
I just got into the Matrix section and dont understand why corporate servers are connected to the matrix? What is the benefit? The risk is huge... they are hackable. I could see certain parts of the corp being connected to the matrix... those operated by employees who need instant access to information around the world. but building management systems and important files, wouldn't those just be kept off the matrix?
-
Why not just go completely without computers and use paper and filing cabinets for everything?
Sorry, I don't mean to be snarky :) Yeah there are vulnerabilities, but they're more than offset by the advantages. Like what? Like your various departments around the world being able to communicate with each other... like being able to pay your employees without handing them a paper check... like having a telecom infrastructure that is compatible with the rest of the world... like having your customers be able to contact you digitally...
Imagine a company in the real world trying to operate without telephones, email, or a web presence...
Now, perhaps more to your point, there ARE "offline" Hosts that cannot be remotely accessed. Or can only be remotely accessed via certain predetermined periods, kind of like a time safe. Those are good for really sensitive stuff like discrete research projects... but not so good for mundane business administration. Or for about 95% of what a corporation does. Because again, being offline means if the rest of the Matrix can't reach you, you can't reach the rest of the Matrix, either. Secrecy REALLY needs to be more important than everything else. Because think how much of a liability it is for your research project if you can't call up any resources... not even wikipedia.
-
Sounds like I'm on the right track, mostly. I get the mundane stuff wanting to be connected, makes total sense. How about security systems? Connected to the matrix I suppose if an alert goes off then authorities are instantly notified where if the system is stand alone then an employee would need to call authorities. Am I right in thinking that between these two scenarios a small business would choose to be connected to the matrix where a large corp might just keep their security systems stand alone (only hackable from inside) because it sounds like they have the manpower to handle their own breeches?
Either way I guess it's not set in stone that every single computer in the world is on the matrix then?
-
The bigger your site, the more likely your employees have to interact with the outside. So almost everything will be online. And as for security systems: Most places cannot afford a spider, so one spider covers multiple locations, just following up on alarms and doing the occasional patrol.
Now the core systems, with the secret data the Johnson needs you to obtain? That isn't public, it's either in a private Host that requires physical location, or on a commlink someone locks up in a desk every day.
-
if the motion sensor can't tell anyone it detected motion, what's the point? So, yes, security systems would almost universally be online as well.
Now that being said, not everything online has to be wirelessly online. Security devices are a case in point: maybe this is worth the extra bother and expense of wiring cables throughout the building so that your security devices don't use wireless signals to communicate with the controlling Host. However, almost assuredly, the Host is still online. It'd have to be some very odd extenuating circumstances that you don't want your security host being able to talk to the rest of the corp, or to be able to call local emergency services, or etc.
Now a middle ground between the expense of hard-wiring and not trying to hide your devices/hosts entirely (while still benefitting from being able to interact with the rest of the corp/world) is to run silent. It's fully online, but you're immune to hacking... until your wireless signals are "spotted" by potential hackers. And if you've got a good host with a good sleaze attribute, your network can be much more securely hidden than your typical hacker can be...
-
Also the computing infrastructure is actually highly distributed, with most things built to sharing data and processing power with other nearby devices. This was actually a deliberate design decision, as I understand it, as experience had shown that very bad things could happen when a sophisticated AI got control of high end, fully integrated, computer systems (including Crash 2.0). The diffused computer/data model had the triplicate benefit of being cheaper to implement, more convenient and faster to implement, and putting some inherent limits on AI power.
(I don't claim that this necessarily makes total sense, but as I understand it that is a chunk of the in-universe logic for why things were built that way after Crash 2.0. Do realize that the need to get a new matrix up and running very-very-very quickly made the cost and speed/convenience factor very important parts of it all)
-
@Stainless Steel Devil Rat touches on an important point here; cost.
Corporations are all about the bottom line, and in Shadowrun pretty much everything in society is wireless; the can you're drinking from has wireless RFID tags in it so that it can show you targeted ads for the other products sold by the vendor while you're enjoying your favourite carbonated beverage, your coffee maker is connected to the Matrix to that it can predict when you'll wake up by communicating with your wireless biomonitor in order to have that steamin' hot cup of soycaf ready when you walk into the kitchen, and so on and so forth ad nauseum.
Consider then, that running fiberoptic cables through concrete walls and rock and dirt ground is WAY more expensive than simply putting a camera on a pole and hooking it up to the Matrix. If you're a mid to large size corporation you can afford expensive hosts that protect your devices, right? And the megacorps controlling keep implementing security protocols to keep all the bad hackers out, right? Because they surely wouldn't sell you stuff they knew could easily be compromised, right?
Sarcasm aside (and that is an in-world explanation, not directed at anyone here by the way), the Matrix revolutionized the way the world works. If you go back just 50 years in our world and talked to people about the basic premise of the internet, they would probably have the same questions as you. "Surely, this is insecure and ripe for exploitation!?"
Well, yes. But the damage inflicted by the minority is so outweighed by the net benefit from a wireless network, and, most importantly, the corps operate shadowrunners as much as, if not more, than anyone. It is directly against their own interests to keep everything offline, because the corps needs to have an ability to infiltrate, sabotage, and/or otherwise subvert the security of their opponents as they need to secure their own sites and systems.
Think of the Matrix as a form of a symbiotic relationship; all sides gain something in the exchange.
-
Corporations are all about the bottom line
This. I go one step further at my table: a recurring theme is that corps are penny-wise but pound-foolish. They have enough money, influence, and power to make the typical Shadowrun near-impossible, if they really went for it. But a combination of ruthless internal cost-cutting, short-sighted thinking, and constant internecine conflicts between managers and departments creates the cracks my players can find, lever open, and dance through.
-
if the motion sensor can't tell anyone it detected motion, what's the point?
I'm probably using terminology incorrectly in this thread which can be confusing so I apologize but when I mean offline I just mean not connected to the outside world. In a security system disconnected from the outside world the motion sensor still alerts security and that person acts however the corp wants them to act. And because that motion sensor isn't connected to the outside it couldn't be hacked by some kid 2000 miles away, it needs to be hacked from a terminal on site. The building essentially having it's own separate matrix I guess?
@Stainless Steel Devil Rat touches on an important point here; cost.
Consider then, that running fiberoptic cables through concrete walls and rock and dirt ground is WAY more expensive than simply putting a camera on a pole and hooking it up to the Matrix.
I can understand this to an extent. running cables throughout a building can be expensive up front but then that system is now secure from the outside world. That wireless camera you mention... the upfront cost is nothing yet the cost to keep the system secure from outside threats has to be pretty large. And in the end, when it comes down to it, its still exploitable from your couch where is a stand alone system heavily guarded in the physical world and only accessible in person is much harder to infiltrate.
I guess some of it just makes me think of the U.S. government putting all their military secrets in an online database waiting to be hacked. That would just be absurd. That stuff is in stand alone servers not connected to the internet hidden in underground bunkers guarded by armed personnel.
-
I guess some of it just makes me think of the U.S. government putting all their military secrets in an online database waiting to be hacked. That would just be absurd. That stuff is in stand alone servers not connected to the internet hidden in underground bunkers guarded by armed personnel.
Some degree of logical disassociation is required to make Shadowrun work. I think the key thing to remember is that in-universe, the benefits of keeping all your stuff connected outweigh the downsides.
Unlike our modern day reality, technology in Shadowrun actually performs objectively better when connected to the Matrix.
If you're trying to apply real world logic to the Matrix, remember that it is at it's core effectively a mass hallucination and relies on tech that to us might as well be magic.
-
I guess some of it just makes me think of the U.S. government putting all their military secrets in an online database waiting to be hacked. That would just be absurd.
That's pretty much exactly what IS done. Military secrets aren't doing the military any good if they're locked away in a vault with no access to the outside world.
That stuff is in stand alone servers not connected to the internet hidden in underground bunkers guarded by armed personnel.
I don't know what your background is; you have no reason to believe me when I say I have a deep real-world background on this topic.
So lets talk purely about Shadowrun: You haven't mentioned which edition you're talking about- I've been presuming Sixth since that's the newly current one. In this new edition, the megacorps have finally and formally gotten rid of the Grid mechanic. Private grids, or "mini-matrixes" were a thing ever since 1st edition but they're gone now... the corps have agreed it's better for everyone if everything is fully integrated. This is the afore-mentioned "penny-wise, pound-foolish" mentality corps are so prone to having. Going back to real-world analogies: simply IS no distinction between NIPRNETs and SIPRNETs anymore (not that there really is a meaningful difference between them, anyway...)
-
That's pretty much exactly what IS done. Military secrets aren't doing the military any good if they're locked away in a vault with no access to the outside world.
I'm not military so all of this is either based on theory or some personal exp but I assumed this is how they handle certain things. I have a good friend who worked for a big IT company, I think siemens, and they had a contract with the military. One of his jobs was go to a secure bunker, pass through a serious security check and access their servers for maintenance. Their stuff was not online.
I'd logically presume that things that needed an out, like CIA criminal database that needs to be shared around the country, would have to be online and thus hackable. But if the U.S. military has a research project for creating a deathstar why would you want that online? What benefit does it serve other than faster communication world wide? The risks are huge to have it online and the benefits small, I'd think rather than risk the security breech they would just bring all of the help rather than have the info connected to the outside.
So lets talk purely about Shadowrun: You haven't mentioned which edition you're talking about- I've been presuming Sixth since that's the newly current one. In this new edition, the megacorps have finally and formally gotten rid of the Grid mechanic. Private grids, or "mini-matrixes" were a thing ever since 1st edition but they're gone now... the corps have agreed it's better for everyone if everything is fully integrated. This is the afore-mentioned "penny-wise, pound-foolish" mentality corps are so prone to having. Going back to real-world analogies: simply IS no distinction between NIPRNETs and SIPRNETs anymore (not that there really is a meaningful difference between them, anyway...)
I've read a good bit of 2e and am in the process of browsing 5e checking out differences.
-
That's pretty much exactly what IS done. Military secrets aren't doing the military any good if they're locked away in a vault with no access to the outside world.
I'm not military so all of this is either based on theory or some personal exp but I assumed this is how they handle certain things. I have a good friend who worked for a big IT company, I think siemens, and they had a contract with the military. One of his jobs was go to a secure bunker, pass through a serious security check and access their servers for maintenance. Their stuff was not online.
I'd logically presume that things that needed an out, like CIA criminal database that needs to be shared around the country, would have to be online and thus hackable. But if the U.S. military has a research project for creating a deathstar why would you want that online? What benefit does it serve other than faster communication world wide? The risks are huge to have it online and the benefits small, I'd think rather than risk the security breech they would just bring all of the help rather than have the info connected to the outside.
We're not using "online" in the same way. That friend of yours who went into the bunker to access servers? Those servers were assuredly "online". I can't guess what specifically he was working on, but for example the military has its own "separate" internet that is partitioned off from the public internet. However, they use the exact same technology, and in certain critical points, even the same infrastructure. Therefore, despite being "offline" in a "you and I can't access it through the internet" sense, it absolutely IS accessible in a "can you hack it from outside the network? Absolutely" sense.
Attempts to use shades of grey is how hackers get in. The only secure computer is a computer that's powered off. If someone can get into the computer to use it for legitimate purposes, then so too can a hacker. Think of securing your secrets is like putting them in a safe. The only guaranteed way to ensure hackers can't get in is to weld it shut and make sure NOONE can get in. But that's only of value in very niche circumstances.
-
I think the closest you are going to get with 6E currently is a nesting doll of hosts, where yes the main corporation is visible on the matrix, but specific offices and building hosts are nested wwithin so the decker would have to break through several hosts to get to the target.
Previous games played in older editions included wireless dampening walls and hardlines to specific servers so that sometimes you have to carry the decker into combat in order to get the paydata.
-
I guess some of it just makes me think of the U.S. government putting all their military secrets in an online database waiting to be hacked. That would just be absurd. That stuff is in stand alone servers not connected to the internet hidden in underground bunkers guarded by armed personnel.
FWIW I agree with you. My runs often feature air-gapped systems or physical media cold storage the runners must physically access to obtain the McGuffin. I guess, based on this thread, that it isn’t very canonical, but it works just fine for us. Doesn’t seem to cause any mechanical issues.
One example was some blackmail material a Mafia lieutenant was keeping to put the squeeze on important people. The material was on physical storage in a safe in his office in a warehouse. Can’t see any reason he’d have kept that online, so he didn’t. Runners had to go and get it, old school.
-
Do keep in mind some Hosts are location-bound, so you must be at the scene to get in. And even then some of the crucial data will indeed be offline, because some departments can't even trust each other.
-
I've always seen it as there are some systems that are hardened or secured in such a way as to make remote hacking possible but so exceptionally difficult that you're going to call GOD or a demiGOD down on you simply by hacking it because it just takes far too long to penetrate the system and locate the paydata. Ultimately, in terms of abstracted game systems and mechanics, Overwatch Score is what limits a hacker from getting into any system they want. Beyond this, I have always run it as some systems are isolated in such a way that a hacker needs to be on site and directly connected to the physical infrastructure to hack a system (watch out for some seriously nasty IC on these systems), which means physical penetration of the secured site as well. It is for this reason that I have modified an idea of mine from previous experience to work with 6e that is a network attached device designed to compromise the integrity of the secured and isolated system and allow for remote access via the Matrix. You just have to get someone into the site, gain access to the network infrastructure, and attach the device without getting busted (good luck with that).
Most of the Sixth World is actively present and connected to the Matrix. This makes a lot of mundane stuff vulnerable to one degree or another. The most valuable stuff is secured in such a way that OS is likely to prevent you from getting in before you have to bail because it has gotten too high to risk further intrusion activities. The extremely valuable stuff is isolated and may only be connected to the Matrix for extremely short periods of time, or not at all. Additionally, none of this accounts for more than network architecture and IC. Let's not forget that security spiders are a thing. A network with extremely valuable data on it is going to have at least one (probably more) spider waiting to melt your brain with biofeedback.
The key thing to remember is that Matrix connectivity has a lot of value. That's why they use it. It does make things less secure but there are preventative measures to take, including nested hosts, high Device Ratings on those hosts, some nasty IC that will fry your brain, and corporate deckers or technomancers working as a security spider who will absolutely enjoy ruining your day. Just because something has potential vulnerabilities doesn't mean it is wide open for anyone to come look at.
-
[...]My runs often feature air-gapped systems or physical media cold storage the runners must physically access to obtain the McGuffin. I guess, based on this thread, that it isn’t very canonical, but it works just fine for us. Doesn’t seem to cause any mechanical issues.
Systems that are offline or isolated are very much canon, and have been since the beginning. For your everyday run of the mill corp office or stuffer shack security is probably pretty lax because it costs toouch to properly secure something that few people are interested in in the first place.
Look at Stom Front; FastJack and Riser went to Alberquerque (or however that place is spelled) in order to get to something that was offline.
A lot of the Missions and adventure books feature hosts and devices that ate not remotely accessible because it serves a purpose, story wise. Ultimately, that's what matters.
Want your Decker to be able to slice through security from the van? Completely plausible in a large number of cases. Want to get your hacker off his hoop and into the highly secure bunker that contains the top secret Gizmo? Also totally plausible.
Personally I try not to think of how the Matrix works at a conceptual level too deeply, because it isn't really explained. Instead, I just accept that cameras and door locks are wireless so that my hacker has something to do while the street sam provides covering fire and the magician summons his spirits to do their thing.
Heck, people in the lore run around with wirelessly accessible electronics in their bodies. In their heads, even! A bricked cyberdeck does 8P damage! No rational modern-day person would risk a cranial detonation to protect their iPhone or whatever, but in the world of Shadowrun, this is as common as drinking soykaf and filtering out AR spam while walking down the streets.
-
Right now, in the real world:
Just about EVERY major function of life and government is online.
Railway/subway/transit lines
Electrical power grid
Traffic lights in major cities
EMS
Police services
Various Social policies
Medical charts
Banking
Telecomms
that is NOW.... not in the dystopic cyber future :D
And, just like in SR... These systems can and do come under cyber-attack, and do get breached. You just don't hear of it, because well, the media can't figure out a way to blame Trump.... (there are Riots in 6 countries, Wars in 4 more, social unrest in a dozen more, disease outbreaks in 8 more.... yet Google News is full of Trump Twatter crap....)
Now, the history of computers, the matrix and all the crap that goes with it is a lot different in SR, then our world... but you can see the inspirations, and why they needed to update to a "wireless" system. (after all, why is the game that is set in the future, needs its "internet" to be wired, when the players are looking shit up wireless?)
Now when you get right down to the basic set up of the matrix, its not that bad really... in a thematic sense... (in a rules sense.. it get wonkty. Don't have 6e yet so no comment on it ATM). The Matrix is made up of millions of interconnected devices to share both the bandwith and processing power required to run all the activity. (so, even when your commlink is not being used by you, its STILL acting as a "pass through" device for everyone around you).
And this works and is SAFE because the devices sold to the public can not change the data they access, and the device that can change the data are limited to the corporations (and those that steal the tech - like runners and the black market)...
Keep in mind: There is are BILLIONS of people in SR, yet only a thousand that actually have the equipment and talent outside of the corps to actually "hack" matrix.... (and the technomancer population.. which is just one MAJOR reason why the Corps fear them)... Which is another reason why the entire system "just works".... to steal a catch phrase (and all its intended meaning :P) The number of actual threats are so low.
As for security systems...
well... They will be as advanced or as little as the company feels is warranted (Same as today). And just like today, the more advanced ones will be connected to the matrix as the corp dictates. So smashing into the Azzie owned Stuffer Shack probably isn't going to trigger more then an alarm and alert to local Police. But the Azzie Pyramid in Seattle? When an alarm is tripped there.. Azzie SA, Azzie EU gets alerted along with every other Azzie asset in Seattle!
Why?
Because Aztech doesn't care about the Stuffer Shack or the employees there. But they care very much about their North American Headquarters!
-
That's pretty much exactly what IS done. Military secrets aren't doing the military any good if they're locked away in a vault with no access to the outside world.
I'm not military so all of this is either based on theory or some personal exp but I assumed this is how they handle certain things. I have a good friend who worked for a big IT company, I think siemens, and they had a contract with the military. One of his jobs was go to a secure bunker, pass through a serious security check and access their servers for maintenance. Their stuff was not online.
I'd logically presume that things that needed an out, like CIA criminal database that needs to be shared around the country, would have to be online and thus hackable. But if the U.S. military has a research project for creating a deathstar why would you want that online? What benefit does it serve other than faster communication world wide? The risks are huge to have it online and the benefits small, I'd think rather than risk the security breech they would just bring all of the help rather than have the info connected to the outside.
We're not using "online" in the same way. That friend of yours who went into the bunker to access servers? Those servers were assuredly "online". I can't guess what specifically he was working on, but for example the military has its own "separate" internet that is partitioned off from the public internet. However, they use the exact same technology, and in certain critical points, even the same infrastructure. Therefore, despite being "offline" in a "you and I can't access it through the internet" sense, it absolutely IS accessible in a "can you hack it from outside the network? Absolutely" sense.
Attempts to use shades of grey is how hackers get in. The only secure computer is a computer that's powered off. If someone can get into the computer to use it for legitimate purposes, then so too can a hacker. Think of securing your secrets is like putting them in a safe. The only guaranteed way to ensure hackers can't get in is to weld it shut and make sure NOONE can get in. But that's only of value in very niche circumstances.
If you know this to be true then that is pretty interesting. I would have never guessed they would leave any entry way into anything sensitive.
I thank everyone on the responses. They have helped me grasp some of the concepts a little better.