[spydertau]

If you have time and probe the node, the test is:  Hacking + Exploit (target's System + Firewall), however, if you are hacking on the fly, then you test:   Hacking + Exploit (targets firewall).  Is this correct?  Why isn't that if you take your time, the node gets System + Firewall but when you are hacking on the fly it's just the rating of the firewall and not with the system added in?

Thanks

[farothel]

If you probe, the target system only get's one roll to discover you (when you do the actual intrusion), whereas by hacking on the fly they get a roll every time you have one (theirs is firewall + analyse (stealth) if I'm not mistaken).  So the system has less chance to find you if you probe, but that comes at the cost of it taking a lot longer (rulewise translated into a higher difficulty to get in).

If you have the time, always probe, it's much safer.  And always go for admin if you can.

[spydertau]

If you probe, the target system only get's one roll to discover you (when you do the actual intrusion), whereas by hacking on the fly they get a roll every time you have one (theirs is firewall + analyse (stealth) if I'm not mistaken).  So the system has less chance to find you if you probe, but that comes at the cost of it taking a lot longer (rulewise translated into a higher difficulty to get in).

If you have the time, always probe, it's much safer.  And always go for admin if you can.

That makes sense thanks, I was just wanting to make sure that it wasn't a typo or something. 

I actually have a system that my group is about to break into and I have it designed that if anyone accesses the system from a certain time to a certain time with admin access that an automatic alert will be triggered to a spider.

[farothel]

Sounds like fun, but I think you might have some issues with that.
-security spiders can also have admin rights (not all do, but some will).  So if they go in their own system, they will trigger an alert as well
-I assume your time period is at night.  A lot of big software updates (and hardware as well, but that's not in scope here) are done during nights and week-ends, to avoid the need to stop working.  Those updates will most of the time need to be done by people with admin rights and will trigger your alert.
-what is night in one timezone is day in another.  So if your company is a multinational, you can have admin access during the night because those admins are in another country where it's regular day time.

You can trigger alerts, but if any of the above conditions apply too much, security spiders will not take alerts serious anymore.
What you can do is to trigger an alert if the person accessing the system is not at a certain location, or if the request is coming from any other than a certain sub-set of machines.  Hardware keys are also very useful in this regard, as the team first will need to have one of those.

What might be fun is to have the system be down for maintenance.  If your hacker (or other people who might get to the information, like the face asking stuff from a secretary) didn't do their legwork correctly, they don't know.  They won't be able to access the system because the server has been taken offline to replace a component.  Please come back in three hours and it should be up and running again.

[spydertau]

Sounds like fun, but I think you might have some issues with that.
-security spiders can also have admin rights (not all do, but some will).  So if they go in their own system, they will trigger an alert as well
-I assume your time period is at night.  A lot of big software updates (and hardware as well, but that's not in scope here) are done during nights and week-ends, to avoid the need to stop working.  Those updates will most of the time need to be done by people with admin rights and will trigger your alert.
-what is night in one timezone is day in another.  So if your company is a multinational, you can have admin access during the night because those admins are in another country where it's regular day time.

You can trigger alerts, but if any of the above conditions apply too much, security spiders will not take alerts serious anymore.
What you can do is to trigger an alert if the person accessing the system is not at a certain location, or if the request is coming from any other than a certain sub-set of machines.  Hardware keys are also very useful in this regard, as the team first will need to have one of those.

What might be fun is to have the system be down for maintenance.  If your hacker (or other people who might get to the information, like the face asking stuff from a secretary) didn't do their legwork correctly, they don't know.  They won't be able to access the system because the server has been taken offline to replace a component.  Please come back in three hours and it should be up and running again.

All good points.  I was wanting to create a few "wrenches" just to make it a little more interesting.  I'll keep these in mind   Thank you.  Hope you have a great day.

[farothel]

I think there's a nice section on passkeys in the Unwired book (I'm away from books at the moment, so I can't verify) that you might check out.  Including alchemical ones (again, can't verify).

[AwesomenessDog]

Don't forget edge roll to just guess the passkeys are 1,2,3,4,5