NEWS

[SR6] Host Designs

  • 6 Replies
  • 397 Views

gsrutkowski

  • *
  • Newb
  • *
  • Posts: 2
« on: <04-29-22/1056:30> »
I'm guessing there's an upcoming Matrix Book for SR6 since we already have a Rigger and Magic book.  I'm hoping I'm not TOO late in asking, but will there be more detail given to Host designs and uses?  I'm not sure if what I'm asking makes a lot of sense, but it's touched on briefly [SR6 185] in the Hosts section.

One of the reasons I love Shadowrun is my love of the Decker and the concept of The Matrix.  I work in IT, and did a number of years as something like an Infrastructure Security specialist; I helped build and design, what I would describe as, Matrix Hosts.  SR5 had the Wireless Matrix, and it frustrated the absolute hell out of me since Wireless and Security don't exactly have much overlap in a Venn Diagram.  In fact, I would specifically make Hosts non-wireless as I had real world examples of how effective https://en.wikipedia.org/wiki/Air_gap_(networking) Air Gaps are at keeping data safe from unwanted actors.  SR6's mention that technomancer-grade security required going back to basics e.g. physical cables and less Wireless Networking, and this makes me a little giddy that I'll finally be able to start designing plausible real-world examples of security infrastructure in Shadowrun.

Reaver

  • *
  • Prime Runner
  • *****
  • Posts: 6395
  • 60% alcohol 40% asshole...
« Reply #1 on: <04-29-22/1522:55> »
I'm guessing there's an upcoming Matrix Book for SR6 since we already have a Rigger and Magic book.  I'm hoping I'm not TOO late in asking, but will there be more detail given to Host designs and uses?  I'm not sure if what I'm asking makes a lot of sense, but it's touched on briefly [SR6 185] in the Hosts section.

One of the reasons I love Shadowrun is my love of the Decker and the concept of The Matrix.  I work in IT, and did a number of years as something like an Infrastructure Security specialist; I helped build and design, what I would describe as, Matrix Hosts.  SR5 had the Wireless Matrix, and it frustrated the absolute hell out of me since Wireless and Security don't exactly have much overlap in a Venn Diagram.  In fact, I would specifically make Hosts non-wireless as I had real world examples of how effective https://en.wikipedia.org/wiki/Air_gap_(networking) Air Gaps are at keeping data safe from unwanted actors.  SR6's mention that technomancer-grade security required going back to basics e.g. physical cables and less Wireless Networking, and this makes me a little giddy that I'll finally be able to start designing plausible real-world examples of security infrastructure in Shadowrun.

FINALLY!!!
Another Security expert that sees what I have been saying since 4e!!!

Welcome to the Forums!
Where am I going? And why am I in a hand basket ???

Remember: You can't fix Stupid. But you can beat on it with a 2x4 until it smartens up! Or dies.

Banshee

  • *
  • Catalyst Demo Team
  • Ace Runner
  • ***
  • Posts: 1058
« Reply #2 on: <04-29-22/2135:03> »
Yes, as you spotted ... in the 6e CRB I laid the groundwork for real world IT security and without going into much detail ... yes that got expanded upon in the matrix book which is in production
Robert "Banshee" Volbrecht
Freelancer & FAQ Committee member
Former RPG Lead Agent
Catalyst Demo Team

Stainless Steel Devil Rat

  • *
  • Errata Coordinator
  • Prime Runner
  • *****
  • Posts: 4570
« Reply #3 on: <04-29-22/2200:08> »
Speaking as someone who both does SR rules AND had a 20+ year career in real life IT and cybersecurity...

The less you impose real life knowledge on SR rules (esp matrix rules) the more fun you'll have.  My recommendation is to remember this mantra:  "It's a game where the hackers are SUPPOSED to succeed".   If that doesn't work, then try this one:  "The matrix is essentially magic."


When it comes to reconciling a leap across suspension of disbelief, I think keeping this in mind helps:  Security managers NEVER get all the funding they want to properly secure their networks.  Everything is wireless comms because it's almost unheard of for a facility to pay for hardline comms networks.  Only the most paranoid places pay for that kind of "unnecessary" infrastructure in 2082.
RPG mechanics exist to give structure and consistency to the game world, true, but at the end of the day, you’re fighting dragons with algebra and random number generators.

Xenon

  • *
  • Prime Runner
  • *****
  • Posts: 6377
« Reply #4 on: <04-30-22/0330:28> »
Air gap is for sure a highly secure pattern from a theoretical IT architecture point of view, but in reality it is costly for your IT Department to run and I think the level of actual increased security it brings can also be debated. For example, with an air gap the IT Department lack means to fully automate the process of applying critical security patches. If your network would become exposed to the internet (or the matrix) for whatever reason then it will likely also be more vulnerable than if it had been connected and properly updated and monitored all along (talking from experience here). Another issue is that risk of your own users getting 'creative' is directly related to how many loops you create for them to jump through in order to perform their every day-to-day work (or continue being able to stream music from Spotify or having access to their iCloud or Dropbox account - again, talking from own experience).

And even if you run a complete wired (or even air gap) set-up it is still a network.

It only take a single wireless enabled device that is already part of the network to expose the entire network for a remote hacker (if it wasn't one of your own users perhaps the team's infiltration expert will be tasked to attach a wireless enabled data-tap to one of the network cables). Then a remote hacker can use this node as an entry point for brute forcing or probing their way in. With physical proximity (bring the nerd) a hacker also have the opportunity to create a direct connection themselves and hack the network via that.

Dreamwalker

  • *
  • Newb
  • *
  • Posts: 15
« Reply #5 on: <04-30-22/0904:44> »
The less you impose real life knowledge on SR rules (esp matrix rules) the more fun you'll have.
Amen.

I would refrain from trying to capture the complexity of real-world IT security design principles in a (manageable and understandable) set of game rules. If a player is not well-versed in this topic, it can quickly take the fun out of the game.

Moreover, matrix operating principles should have radically changed in the world of Shadowrun compared to current standards, given that the matrix of 2080 is built on top of the minds of 100 (unlucky) souls and cryptology experienced severe setbacks over the decades (particularly, since the Heinrich Maneuver). The matrix landscape also shifted in favor of highly distributed systems, often resulting in ubiquitous hosts with no particular physical counterpart to facilitate wide area/global operations (rendering air gaps virtually infeasible). Adopting current, rigid state-of-the-art security techniques can easily undermine the flair of the Shadowrun matrix.

Then again, you have to consider how certain decisions reflect on player perception. Personally, I find air gapped systems to be a somewhat blatantly obvious excuse to inevitably force decker/technomancer characters to physically enter dangerous territory, whereas, e.g., nested hosts (with potentially easier on-premise access to sub-hosts) provide a more elegant solution, offering multiple angles of attack and leaving different choices for a player. I would like to see that range of options expanded in upcoming source books, especially in ways that support in-depth planning and storytelling. For example, through "social" interaction with certain cherry-picked individuals that enable "acquisition" of fully legitimate access credentials just in the nick of time. Such credentials could then be exploited to impersonate a 100%-legitimate user in a host, which could otherwise have prohibitive security levels. Opening up more diverse options to circumvent matrix security (instead of reducing options) can lead to fun ways of approaching challenges and involve multiple players and character archetypes in the matrix side of Shadowrun.

That said, I too am eager to see which guidelines upcoming releases provide on matrix and host security design. Especially, a few detailed examples of host security architectures outlining underlying design decisions would be highly welcome.
« Last Edit: <04-30-22/1735:23> by Dreamwalker »

Beta

  • *
  • Ace Runner
  • ****
  • Posts: 1905
  • SR1 player, SR5 GM@FtF & player@PbP
« Reply #6 on: <05-03-22/1416:00> »
For example, through "social" interaction with certain cherry-picked individuals that enable "acquisition" of fully legitimate access credentials just in the nick of time. Such credentials could then be exploited to impersonate a 100%-legitimate user in a host, which could otherwise have prohibitive security levels. Opening up more diverse options to circumvent matrix security (instead of reducing options) can lead to fun ways of approaching challenges and involve multiple players and character archetypes in the matrix side of Shadowrun.

That said, I too am eager to see which guidelines upcoming releases provide on matrix and host security design. Especially, a few detailed examples of host security architectures outlining underlying design decisions would be highly welcome.

I know that the book is well beyond being influenced at this point, and my posts along this line seem to have gathered scant sympathy -- but amen!  "Social Engineering" has been a big part of security penetration since at least the Trojan Horse. (what is that you say? The Trojean Horse probably wasn't real?  Yes, but it is a story that has survived at least 2500 years, and we are making stories here).  In our world social engineering is a major vector for successful hacks.  And I think we (mostly?) want hackers to be less siloed in the matrix.  So to me it just seems obvious that there should be opportunities for social engineering when it comes to hacking.  There are three things that to me seem like really benefits of adding this in:

- A way to sometimes achieve minor hacks without having a decker (because not every team has one).  Spend the money for single use fingerprint and/or iris duplicating gear, choose your target, get their biometrics, get their link, keep them subdued, make your way to their work station and log into the host as them, and access what they could normally access (with a steadily growing chance of being spotted, the more that you try and do)

-A way to get some bonuses for deckers (and given the cost-of-failure in hacking is probably the highest of all of three 'worlds' of meat/magic/matrix, being able to get some bonuses when you can is very desirable)

- Allowing for certain very challenging hacks that need some combination of social engineering, physical connection, and serious hacking ability.  (OK, this one is technically possible with off-line hosts, except that the social engineering part is more optional)

And I say all of this as someone who has played a decker in 5th, a technomancer in 6th, and run a decker in 5th.  I'm not looking for a way to bypass hacking, I'm looking for ways to make it more interactive with the meat world.