From: | Tzeentch tzeentch666@*********.net |
---|---|
Subject: | Virtual Realities 3.0: Security Deckers |
Date: | Wed, 26 Jul 2000 16:42:19 -0700 |
**The referenced "Realistic Bandwidth" rules will be posted soon.
SECURITY DECKERS
Security deckers are computer security professionals that use much the same
tools and techniques as their criminal counterparts, but instead of breaking
into systems they keep intruders out. Most systems do not have security
deckers online at all times, since for the most part the security deckers
have other tasks that require their attention. But it is not uncommon on
high-security hosts to have a security decker "on post" in much the same
manner as a security rigger.
SYSTEM OPERATIONS
Security deckers are valid users of the system, and have the highest access.
Thus they are not required to make any system tests and are always assumed
to be Legitimate for cybercombat purposes.
Host Operations
They have the capability of raising the systems security tally to any level
or initiate either a passive or critical shutdown of the host by expending a
Complex Action.
Swap Memory
The security decker may perform a "Swap Memory" system operation on the host
to reload crashed IC. The IC will become active again on the following turn.
Unsuppress IC
A security decker may perform an Analyze IC system operation to locate
suppressed IC. Once located, he may then perform a Swap Memory operation to
reload the program. This does not raise the opposing decker's Security Tally
but does free up the points he used to suppress the program.
Invalidate Access
If the security decker believes an intruder is using an Legitimate access
passcode he can invalidate it by making an Invalidate (Detection Factor of
Target) Test. If successful the intruder immediately becomes an "intruder"
for cybercombat. This test requires the expenditure of a Complex Action.
Throttle Bandwidth
If using the Realistic Bandwidth rules (p. xx) then a security decker may
attempt to reduce the bandwidth allocated to users. This is an opposed test
with a Target Number of 4. If the security decker scores more successes he
may reduce the bandwidth of all remotely connecting users by half. This
requires a Complex Action. This may only be attempted once per turn. Every
turn this operation is conducted halve all users bandwidth again.
For example, Asymmetric is decking the Novatech Star on a 50 MePS
connection. He is detected and the security decker attempts to throttle the
available bandwidth to buy some time and limit the intruders options. Both
the intruder and the security decker make their rolls. The security decker
scores more successes, so the deckers bandwidth is immediately cut in half -
to 25 MePS. The next turn the security decker could attempt to throttle the
bandwidth again - reducing the deckers bandwidth to 13 MePS. And so on.
HOST SECURITY
Security deckers must first locate any intruding deckers. This is done with
a Locate Decker system operation, which for security deckers is a Simple
Action. If successful, the security decker may then either engage the decker
in cybercombat or resist his operations. A located decker will have no
warning if he has been located by a security decker unless he is attacked.
Alternately, if a Trace program has successfully completed a hunt cycle then
the decker is automatically located and cannot break the lock with a evade
detection maneuver (see Combat Manuevers, p. xx, SR3).
Cybercombat
This is treated in the same manner as normal cybercombat (detailed on p.
222, SR3).
Resisting
If resisting the intruding hacker, then the security decker may attempt to
nullify system operations initiated by the target. Each nullification
attempt requires a Simple Action and can only be attempted if the target
decker has been located through a Trace or Locate Decker operation. After
the target decker completes a system operation the security decker may make
a Nullification Test with a target number equal to the rating of the
operational utility used in the test. Any successes scored by the security
decker remove a success from the target. This nullification test does not
affect the determination of security tally points since it takes place
"after" the actual system operation. If reduced to less then 1 success then
the deckers operation fails.