Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: shadowrn@*********.com (Lone Eagle)
Subject: Security Deckers
Date: Wed Jun 19 05:15:01 2002
What are people's feelings on what Security deckers do on line all day?
Decking for the average runner is likely to be either a quick in/out
datasteal (or whatever) or ten minutes of matrix overwatch, the deckers
online in a corp however are plugged in for an eight hour shift (and
probably remain that way despite health and safety rules which say that you
must have a break every >>time period<<. hey, you aren't supposed to watch a
vdu for more than an hour at a time but I don't know a single company which
doesn't frown on you taking a five minute break every hour even if they do
do it "off the record".)
so what do they do with their time?
Some of them might have tweaked things so they can watch (or be in) porn for
a while, or deal their shares in an attempt to do a Damien Knight. any other
ideas?

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
Message no. 2
From: shadowrn@*********.com (Bryan Pow)
Subject: Security Deckers
Date: Wed Jun 19 06:20:02 2002
>What are people's feelings on what Security deckers do on line all day?

They might doulle as sys-ops, or tech support for the company, dropping
whatever they are doing when some decker hits the system.

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
Message no. 3
From: shadowrn@*********.com (Augustus)
Subject: Security Deckers
Date: Wed Jun 19 10:25:01 2002
----- Original Message -----
From: "Lone Eagle" <loneeagle2061@*******.com>


> What are people's feelings on what Security deckers do on line all day?

A few thoughts on the subject....

When I worked for a BC government data centre, there was a Data Security
Department that had about 16-20 employees working full time.

During the day, their duties included (among other things):
-Watching over the system (making sure ppl didn't try to hack in)
-Issuing system access to employees and retriving/resetting passwords
-Designing and developing security software
-Checking logs of network user activity (in the network and on the net)


For security deckers, I can see it as being like "normal" security guards...
if there isn't something to do at that exact moment (keep people out,
prevent people from stealing stuff) they don't assign them to do other
things in the company (IE: they don't make them do janitorial work, or man
the cash register in the cafeteria, etc).

I can see them keeping busy during the day doing things such as:
-Watching over system for intrusions (actually getting in there, rather than
just waiting for an alert)
-Developing IC software
-Developing cyberdeck security software
-Running mock attempts on their own site to test security
-Sifting through security log files, looking for patterns and tracking users
-Monitoring internal security:
-issuing access for a users persona
-making sure people with the access aren't stealing data from
company
-making sure people are doing/seeing what they have access to and
not trying to bypass internal security

Then, when you throw in meetings, training, information seminars,
coffee/lunch breaks, etc... it can make for a pretty full day for anybody

Clint
Augustus
Message no. 4
From: shadowrn@*********.com (Da Twink Daddy)
Subject: Security Deckers
Date: Wed Jun 19 12:40:01 2002
----- Original Message -----
From: "Lone Eagle" <loneeagle2061@*******.com>


> What are people's feelings on what Security deckers do on line all day?
> so what do they do with their time?

Well, it depends. They might also be IC programmer/maintainers, in which
most of their day is probably that. They might do some degree of user
support (I can't get into file X, why not?) if they work during normal
business hours. Even if they don't program, and don't have any users on
line they could be going over security logs to see if there were any
break-ins the IC didn't catch or finding ways to tighten security without
alienating users. Lastly, they work for a corp, so they are probably
spying on any lowly user they can hide from. Just to make sure no inside
jobs are going on. [Of course, higher-ups are going to force the security
manager to make it where sec-deckers can't spy on them.]

> Some of them might have tweaked things so they can watch (or be in) porn
for
> a while, or deal their shares in an attempt to do a Damien Knight. any
other
> ideas?

For slow times this is probably also an option. A lot of physical security
installations have some entertainment available for the night watchmen (or
they bring their own), because usually nothing happens. I figure security
deckers might do something similar. They might even connect to some game
host and simply have a command set/frame that notifies them when the
security tally gets above a certain level by disconnecting them from the
game.

Along the same lines, it could be entirely possible that the security
deckers aren't on-line all the time. Maybe they are just on-call and have
to login and check the system whenever they are beeped/paged/IMed. Of
course, in the case of fast attacker(s) [With high init, nice IO speed, and
some good rolls, a datasteal might only take 30 sec.], security deckers
that aren't constantly on-line aren't going to be able to stop them, only
pick up their trail in the logs (if any!). For this reason, high security
systems that can afford it will have a sec-decker on-line all the time.

Da Twink Daddy
datwinkdaddy@*******.com
ICQ# 514984
Message no. 5
From: shadowrn@*********.com (Da Twink Daddy)
Subject: Security Deckers
Date: Wed Jun 19 13:05:01 2002
----- Original Message -----
From: "Augustus" <shadowrun@********.net>

> For security deckers, I can see it as being like "normal" security
guards...
> if there isn't something to do at that exact moment (keep people out,
> prevent people from stealing stuff) they don't assign them to do other
> things in the company (IE: they don't make them do janitorial work, or
man
> the cash register in the cafeteria, etc).

Well, yeah, but there's a lot of to both jobs that just waiting for an
alarm to go off.

> I can see them keeping busy during the day doing things such as:
> -Watching over system for intrusions (actually getting in there, rather
than
> just waiting for an alert)

Definately. I figure that a sec decker that's not zoneing out for some
reason is going to "check the monitors" every few minutes (or seconds). If
someone has a positive security tally, they'll probably do something about
it. They probably WON'T blow someone off the grid if it's low because a
legitimate user might be trying to do something they think they are allowed
to do and racking up a tally.

> -Developing IC software

Or just keeping the current IC SOTA.

> -Developing cyberdeck security software

Cyberdeck security software?

> -Running mock attempts on their own site to test security

Maybe, a lot of times this is out-sourced because it more correctly
simulates an outside attacker.

> -Sifting through security log files, looking for patterns and tracking
users

Yeah, maybe the log files show a high number of <specific system crash>.
Sec-Deck goes to look for a patch but there isn't one. He looks more
closely at the problem and realizes it's a security hole. He patches the
system, propogates the patch to <wherever>, and gets a bonus. Elsewhere, a
decker screams because SOTA just when up on his utility.

> -making sure people with the access aren't stealing data from
> company

or plotting against the company or using company resources to send love
letters or whatever. Sec-Deckers probably spy on users a lot and it's
probably at the unoffical (or maybe official, they may be a megacorp and
the lay down the law on their property) request of the corp.

> -making sure people are doing/seeing what they have access to and
> not trying to bypass internal security

This is of course represented by security tally and covered by "checking
the monitors", above. You try and do something your passcodes not good for
and you will get a security tally just as fast as a decker (or more so,
cause you aren't ready for it).

> Then, when you throw in meetings, training, information seminars,

And there are always a bunch of these.

Da Twink Daddy
datwinkdaddy@*******.com
ICQ# 514984
Message no. 6
From: shadowrn@*********.com (Bira)
Subject: Security Deckers
Date: Wed Jun 19 13:40:01 2002
On Wed, 19 Jun 2002 09:15:38 +0000
"Lone Eagle" <loneeagle2061@*******.com> wrote:

> Some of them might have tweaked things so they can watch (or be in) porn for
> a while, or deal their shares in an attempt to do a Damien Knight. any other
> ideas?

Well, the simplest thing is to say they _don't_ stay plugged in 8 hours
a day, looking for invaders. What I gather from the books is security
deckers only appear after certain trigger steps (designated by the GM)
are reached, which might mean they only jack in at those times. The rest
of their work days is probably spent idling around and doing some light network
maintenance.

Security deckers in places with smaller budgets probably also have
secondary duties, working as normal wage slaves until something comes
up.


--
Bira -- homem saído das entranhas da Terra para mudar o destino da humanidade,
usando apenas um filhote de urubu e um rolo de "silver tape"...
http://www.shadowlandbr.hpg.com.br
Message no. 7
From: shadowrn@*********.com (Downtym)
Subject: Security Deckers
Date: Wed Jun 19 15:10:01 2002
On Wed, 19 Jun 2002, Lone Eagle wrote:

> What are people's feelings on what Security deckers do on line all day?
> Decking for the average runner is likely to be either a quick in/out
> datasteal (or whatever) or ten minutes of matrix overwatch, the deckers
> online in a corp however are plugged in for an eight hour shift (and
> probably remain that way despite health and safety rules which say that you
> must have a break every >>time period<<.

> so what do they do with their time?

The same thing that modern sysadmins do. They set up some bots and
other programs to toss out an alert when something goes bad, then they
play solitaire, everquest, read newsgroups, wander the net (Er,
matrix), and just generally screw around until something bad happens.
That's why the security tally exists, so that the security knows when
it's time to roll by and see what user "John Doe" is doing in the
Fuchi Star.

> Some of them might have tweaked things so they can watch (or be in) porn for
> a while, or deal their shares in an attempt to do a Damien Knight. any other
> ideas?

I think the security decker, if the only one on duty, has the run of
the system. He is the system, able to control vast amounts of
processing power. He is /root. I'd guess that most sec deckers spend a
lot of time driking jolt cola, reading, and looking at pr0n. Most sec
deckers would also have IRC running in the background and be dinking
around while on duty. Hell, some even probably take a stab at decking
other company's systems.

Imagine a sec decker at Ares getting a call from Renraku security
about a bounce from a "suspicious user":

Renraku: "Hey, um, we're getting hit by a decker that seems to be
routing through your sysem."

Ares decker: "No kidding? Well, I'll be damned. You guys get a trace
to the port he's using?"

renraku: "Yeah, it's port 12345 that he's apparently bouncing his
signal off of."

Ares decker: "Thanks a ton, we'll knock him down right now.
*gracefully logs off of the renraku system* Is he gone now? I shut the
port down."

Renraku: "Yup, you got him. Thanks a ton."

Ares decker (Shaking his head): "Thanks for calling Ares, hope you
have a nice day."

Downtym |
Email: gte138j@*****.gatech.edu | Post no bills
Message no. 8
From: shadowrn@*********.com (Bill Thompson)
Subject: Security Deckers
Date: Wed Jun 19 15:10:04 2002
On Wed, 19 Jun 2002 09:15:38 +0000
"Lone Eagle" <loneeagle2061@*******.com> wrote:

> What are people's feelings on what Security deckers do on line all day?
>

Same thing Network geeks in the real world do, read Slashdot. :)


--
BillT@*********.com - PGP KeyID#: 0xFB966670

"Crappy old OSes have value in the basically negative sense that
changing to new ones makes us wish we'd never been born."
-Neal Stephenson 1999

Further Reading

If you enjoyed reading about Security Deckers, you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!