The Matrix is a collection of computer systems but is laid out in a very organized manner. Everything is connected, but to get from one place to another you have to travel from your Jackpoint, the physical connection to the Matrix, to the system that you want. If it is local to where you are, that is simple, but if it is not, you may have to travel through other grids to get there.

Jackpoint: The source of the connection that the decker is coming from. Depending on how they choose to connect, this could be a wired line or a wireless connection of some sort, as seen in this list. Each of these type of connections will have some modifiers to follow.

• Access Modifier: This is added/subtracted from the Access TN for any rolls made on the host/grid that they are attempting to get onto.
• Trace Modifier: This is the modifier that is added or subtracted when determining how long a trace takes (p 106 Matrix).
• I/O Speed: The lower of the two between the jackpoint used and the cyberterminal the decker is using determines how fast it can transmit data.
• Base Bandwidth: As we are not using Icon Bandwidth rules, this is not to be worried about unless you want to add that as a rule in your own runs. It calculates a modifier of how easy it is to trace a decker based on the stats of their deck and the programs they are running. Rules to calculate it are on page 107 of Matrix.

Regional Telecommunications Grids (RTG): Like modern day power or phone grids, these can cover large areas of the various countries. For example, California has a North and South grid while the CAS has Central, Gulf, Seaboard and Texas.

Local Telecommunications Grid (LTG): These are analogous to the area codes of current communications, and the coverage area depends on the density of connections.

Private Local Telecommunications Grid (PLTG): Comparable to private intranets today that are used by groups to consolidate various businesses or schools or other similar groups. These are closed to the general public and in some cases not directly connected to the normal matrix. They can spread through the world to link the relevant groups together, such as a corporate PLTG that may link all the scientists of a particular research project together, or a PLTG for a government to allow all the officials to communicate.

So, if a Decker logs into a Jackpoint in Boston using a computer in their Apartment and wanted to get to a host in Los Angeles, they would appear on the Apartment's Host, and would then need to connect from there to the Boston LTG to the UCAS North-East RTG. then to the Cal-Free South RTG then to the Los Angeles LTG and then to the host they wanted to access.

To understand the breakdown in North America, the list at RTGs when paired with the following map will help it make more sense:

To create a host, there are many elements which must be known. First, a host is identified with a color and a number. The number is called the Security Value, which normally ranges from 4 to 12 but can go higher. Double digit values represent extreme security. The color is called the Security Code and it is a measure of the level of security precautions on the host. This is usually a designation that would be determined by the type of information the host may have, but some people may get secure hosts out for security and paranoia, even if the information isn't that sensitive.

• Blue Host: This is most public service databases: Newsfax distribution systems, public libray databases, directories of listed commcodes - pretty much anything free, whether provided by a government, a corp or a private individual. Small businesses too poor to secure their systems tend to have Blue hosts as well.

• Green Host: These are average systems. They may be a bit more patient than the higher end systems, but they can still load any IC the hotter hosts mount.

• Orange Host: This is a secure system, prided on being able to store "confidential" data and carry out processing that is important but not absolutely essential to the host's operators. Orange system include the typical factory controller and the networks used by middle management in a typical corporate office.

• Red Host: These hosts offer the most security that a system may legally carry. They contain "top secret" data, often the kind owners will kill to protect, and mission-critical process controls (life support, vital labs and factories, power grids, and the like). Anti-intrusion defenses tend to be lethal - deckers get no "warning shots" on Red systems.

Mechanics wise, the security value indicates the number of dice rolled to oppose decker's System Tests and rolled for Security Tests.

A host will connect to a LTG in one of four ways:

• Open Access: Each grid is connected individually to the LTG. Any user, anywhere in the world, can use the public grid to access the hosts. If a decker were connected to one host, they could disconnect from that host and connect to another without having to end their current Matrix session.

• Tiered Access: The first host is connected to the grid, further hosts are connected to the first host. In the illustration, Host A is the first-tier host, while B, C and D are second-tier systems. The decker would connect to Host A, then can connect to Host B. To get from B to C, the decker would have to go back to Host A first. This could be a chokepoint, where the primary host contains as vicious security as possible, with the second hosts running lower security.

• Host-host Access: One host is linked to the main grid, the other hosts are linked in sequence. No single host defends the others, instead all perform a job but must share data to do so. This commonly appears in corporate schemas. Only a few machines connect to the public grid, but numerous machines on the second tier of the system are linked to each other. Deckers can only access hosts through other computers that are linked to them. For example, too reach host E, the decker would have to connect to Host A and then go through B, C, and D.

• Private Grid Access: A PLTG network with all the hosts inside a separate system (the PLTG), access to the PLTG is required before hosts can be accessed. A proprietary communications network inhabited solely by the hosts of a given company, government or consortium. These can range from small LANs (Local Area Networks) to global PLTGs. Once a decker has accessed any host in the private grid, he can access any other host connected to that grid. Within a PLTG, hosts may be organized into tiered or host-host access configurations.

Host Subsystem Ratings (ACIFS)

Hosts will have a series of numbers listed after their Security Code and Rating. They are the hosts Subsystems and represent other aspects of the servers protocols and are the base TN for various actions. These are referred to as Access, Control, Index, Files, Slave or ACIFS for short. These ratings determine the difficulty of certain tasks within the Matrix. When looking at the list of Matrix Operations the Test column lists the Subsystem that the Operation the Decker chooses to do will be against. That sets the base TN of the roll.

The actual Target Number used with the Decker's Computer skill depends on any relevant utilities they have. For example, Logon to Host uses the Access Subsystem rating as the TN and then subtracts the decker's Deception utility rating from the number to get the TN.

Remember that the Host Security information and the Subsystem Ratings are not known by the Decker. So, a GM would ask them to make a roll and then subtract the Utility Rating from the relevant Subsystem. While the Decker might be able to determine them by the GM stating when a roll succeeds or fails, the only way to find them out is to perform an operation called Analyze Host, which will give them the details based on the number of successes they get.

Most system operations a decker may perform fall into one of three broad categories: Interrogations, ongoing operations and monitored operations.

Interrogations: These are tests where the decker is essentially in a "dialogue" or interrogation with the system, such as searching for a specific file. To successfully complete their request, the decker may have to perform the operation multiple times, as they need to accumulate 5 or more successes to locate the objective of the search. The gamemaster may choose to assign a number of successes to find a particular piece of data, or give information to reveal to the decker based on the number of successes.
Depending on how the decker defines the criteria for the interrogation, the better the success. A vague or general question get get a +2 TN modifier, while a well-phrased, very relevant or insightful inquiry could get a -1 or -2 TN modifier.
If the host does not have the information the decker is looking for, this is revealed after the decker gets 3 successes or more.
While the decker may find information, it is possible it may not answer the question directly. Instead, it could direct them to another file on another host, requiring the decker to travel through several hosts to find the specific data they are looking for.

Ongoing: These are operations that take time to complete, such as upload or downloads. The time is measured in seconds, according to the rules for the specific operation. If the operation interacts with other events, the gamemaster should calculate the exact point in a Combat Turn when the operation is completed.
To convert seconds to Combat Turns, divide the number of seconds by 3 (round up). For example, a utility upload that requires 6 seconds is 2 Combat Rounds, so if the action was began at the start of Combat turn 3, it would be available at Combat Turn 5's start or halfway through turn 4. If the upload took 7 seconds, that would be 2 Turns plus a 1-second remainder, meaning the uploaded utility would not be available until second or third Initiative Pass of Combat Turn 5 (gamemaster's discretion).

Monitored: These are operations that must be controlled after set into motion. After the decker makes the initial System Test to begin the operation, they must spend a Free Action to maintain the operation each initiative Pass. If they fail to even once spend the action, the operation aborts and they must repeat the operation System Test to restart it.
In some cases, allowing a monitored operation to abort may result in irreversible consequences in the real world. For example, a decker may be running an Edit Slave operation that prevents a security camera from showing human guards the image of the decker's companions breaking into the facility. If the decker allows the operation to abort, the guards may see the decker's companions and foil the run, or worse.

The decker will roll their Computer skill, or the Decking specialization to perform each operation they choose to make. They can add any Hacking Pool dice that they may have to the roll. The TN will be the Subsystem they are going against minus whatever utility they are using (but the player will not know the Subsystem rating unless they do an Analyze Subsystem operation on the specific subsystem or just approximate based on the level of success they got previously).

System Responses

Whenever the decker performs an operation, after determining how successful the test is, the next step is for the system to make a security test. The number of dice are determined by the Security Value of the Host, that number after it's color. The TN is the decker's Detection Factor. Any successes are added to a security tally that determines when events happen based off the security sheaf, described below.

Detection Factor should be known by the decker, but it is calculated by adding the Masking Rating along with their Sleaze program's rating, divided by 2, and rounding up. Masking rating is one of the four Persona Programs of a deck, the others being Bod, Sensor and Evasion. No single rating can be more than the MPCP rating, and total cannot be more than three times the MPCP rating. These other ratings will be useful in other tests, such as detecting things with Sensors or when in Combat with Bod for resisting damage.

Denver features a command to auto-generate a security sheaf, or the steps the host will take when the decker's security tally reaches certain thresholds, in the form of various types of IC (see <+help matrix> in-game).

COMMAND SYNTAX:
+matrix/<difficulty> <Color>-<Rating>

EXAMPLES:

Security sheafs can be easily created with the +matrix command, or you can use the core book and Matrix to devise sheafs of your own.

Looking at the green 4 sheaf above, you can see that when the security tally reaches 5, the system sends out a Probe IC rating 6, which is like a security camera for the system as the IC does a Probe test using the rating against the decker's Detection Factor after every test the decker does and adds any successes to the Security Tally. This is in addition to the normal Security Test made every turn by the GM.

There are four types of IC: White, Trace, Grey and Black.

• White: designed to attack the decker's online Icon and will not permanently do damage to the decker or their deck.
  • Crippler: reduces the rating of a persona Icon
    • Acid: reduces Bod
    • Binder: reduces Evasion
    • Jammer: reduces Sensor
    • Marker: reduces Masking
  • Databomb: Crashes and causes considerable Icon damage
  • Killer: Designed to attack and crash an intruding decker
  • Pavlov: Causes damage to an intruding decker similar to a Databomb without crashing
  • Probe: Observes and adds a measure of security, similar to a security camera
  • Sentry: Acts as a Probe IC, and also enhances the power of other IC
  • Scramble: destroys and scrambles data
  • Tar baby: Crashes a utility program

• Trace IC is designed to find a decker's physical jackpoint.

• Gray is designed to target the decker's cyberdeck and utilities which could result in permanent damage.
  • Blaster: Causes damage to a persona Icon, and can damage the MPCP
  • Ripper: Causes permanent damage to a persona Icon
    • Acid-rip: damages Bod
    • Binder-rip: damages Evasion
    • Jammer-rip: damages Sensor
    • Marker-rip: damages Masking
  • Sparky: Causes damage through electrical overload. May injure both MPCP and decker
  • Tar pit: Destroys all copies of a utility program in memory

• Black IC is specifically programmed to attack the decker, causing dangerous biofeedback between the decker and cyberdeck, possibly causing permanent damage or even death.
  • Cerebropathic: Non-lethal black IC
  • Lethal: Induces lethal biofeedback to the decker
  • Non-lethal: Designed to knockout the decker
  • Psychotropic: Conditions the mind of the decker to perform erratically
    • Cyberphobia: induces Matrix and simsense phobia
    • Frenzy: inspires maniacal rage
    • Judas: induces unconscious compulsion to betray
    • Positive Conditioning: inspires love of the company, prevents the character from acting against the company

The rules for combat are here, and are in pretty decent detail. One thing for a GM to keep in mind, any operations that are listed as Monitored require the player to use a Free Action to check it every Initiative Pass to make sure the operation doesn't cancel. Monitored operations are: Control Slave, Edit Slave, Make Comcall, Monitor Slave, Tap Comcall

One of the key reasons a decker may deck is the same reason a runner might run, they want to get money. So much like a runner may run to steal items from building, a decker may deck a system with the intent to steal files. Perhaps they are just looking for anything interesting, things they could sell for money. These are paydata, found using a Locate Paydata operation and the tables for determining how many, how big they are and what type of defenses they have are here.
The base price of paydata is 5,000 nuyen. The final price varies as this is fenced like any normal stolen property suing the rules on page 237 in SR3 Core book. If the decker was hired to steal some specific data, this would not be done using the paydata rules but instead the Locate File and Download File operations, and the file sizes and difficulty to get to them would also probably be bigger. One paydata point averages 1,500 nuyen (500 nuyen on the low end of fencing, 2500 on the high end as fencing starts at 30% of cost and can go up to 50% or down to 10%). So, depending on the amount of payadata points a character has to sell, a pure paydata grabbing run will likely fall into the 10-20k range.
As Matrix states, if deckers decide to abuse paydata by harvesting it all day every day, gamemasters can nip this in the bud by doing things like reducing paydata value due to flooding the market, fallout from people they've stolen from (in and out of matrix people coming after them for retaliation), also other runners or deckers coming after them for the money the character is amassing or to make a name for themselves.

All of the above information is for general systems. These are the majority of what is out there. However, if a Gamemaster wants to throw some curveballs at their deckers, there are system tricks that can be used. The first option a lot of people will consider is making a system not accessible from the outside. This is great for systems that do not need to be monitored or used by anyone outside the area with access. For example, a security system of a top secret facility will likely be internal while a home and small businesses will likely contract out to an external security company that will monitor for any intrusions remotely and send out police to check it out (think modern day security companies like ADT, Livewatch Security, ProtectAmerica, and so forth). Sometimes, these systems may be connected via a PLTG secured connection to other sites, meaning that once you get into one site and connect directly, you can then connect to any of the other sites in that network (this was the reason the specific bank was chosen in the movie Swordfish).

Using these options can make a decking run take longer as it will increase the difficulty of the run and some can make it so the run may not be completed. So, if you plan to use one or more of these, be aware of those facts so you can plan accordingly.

One trick people often overlook was mentioned in the SR3 core book, page 205.
Distributed Databases: The interconnection of computer networks can make for a real scavenger hunt through the Matrix. Information that seems to be stored on a host may in fact only be there "virtually". Should the file actually be accessed, one would fin a pointer to where the data is actually held on another connected host. This can mean that a decker may have to dig up a chain of reference files on various hosts to lead him to the host that actually has the data he wants. The gamemaster can roll 1D6 to determine how many of these links exist in a given chain of files.

Other tricks you can use include the chapter System Tricks in Matrix, starting on p 117. These are briefly described here:

• Bouncers: spike difficulty on a host up to a higher level when certain criteria are met, bringing a new sheaf out where a Green-4 may become a Red-8.
• Chokepoints: tiered systems where there is a monster of a host connected to the public grid for people to get through from outside while anyone on the inside can jump into a much easier and less restrictive system.
• Trap doors: secret passages in one system to another 'secret' system, and they do not show up on a 'Locate Access Node' test only being found with Analyze Subsystem (and given there are multiple subsystems to use, it could mean many tests).
• One-way SANs: System Access Nodes that allow data to go in one direction such as people in the system can send data to the Matrix but people from the Matrix cannot login.
• Vanishing SANs: System access nodes that are accessible at specific times only and they come in
  • Timed: A SAN opens at the same spot according to some pre-set schedule or at random time intervals based on a formula (IE, could be every 6 hours or every X+Y*Z hours)
  • Teleporting: A SAN opens at a different location each time it appears. It could appear on any RTG or LTG according to its programming at any time.
  • Triggered:A SAN opens in response to some action elsewhere, which could be a complex Rube Goldberg chain where posting a specifically worded message to a forum is picked up by a search program which sends a coded signal to a satellite dish which then sends the activation signal to the system that opens the SAN. It could be a run in itself to get this info (and the triggered SAN could also be Teleporting, making it harder to track down).
• Virtual Machines: Simulated Hosts running on a real host. These will usually look like real hosts and may have some files on them that make them look real (but may be overwritten by the main host when downloaded). It is possible to break out of a Virtual Machine, if the Decker even realizes they are in one. It is possible to nest VMs inside each other as well.

Access: Host's resistance to unauthorized access.
Access Control Index Files Slave (ACIFS): The rating format used when describing the System Rating of any ho
Artificial Sensory Induction System Technology (ASIST): Hardware and programs that allow one to directly experience the senses of another (Simsense).
Bod: Structural integrity of the Decker's Persona, such as resistance to attacks.
Control: Host's resistance to unauthorized administrative commands.
Cyberdeck: A hot microcomputer used by deckers for illegal Matrix access; also used by security deckers.
Cyberterminal: A computer used for safe, legal Matrix access and work; much slower than cyberdecks.
Decker: A hacker, an illegal user of the Matrix.
Direct Neural Interface (DNI): The ability to interface neural impulses with a computer system, thus allowing a user to interact and control a computer system directly with his brain.
Dumped: To be involuntarily ejected from the Matrix
Dumpshock: The disorientation resulting from the rapid cutoff of a Simsense signal.
Evasion: Agility of the Decker's Persona, such as its ability to maneuver in cybercombat or escape attention of Trace IC.
Files: Host's resistance to unauthorized access of files.
Grid: A series of interlocking computer systems (hosts).
Host: A single computer system.
Host-Host Access Grid: Each host is linked to the next one, and only one host is linked to the grid.
Icon: Any object a user sees in the Matrix.
Index: Host's resistance to unauthorized searches.
Intrusion Countermeasures (IC): Any software program installed in a computer system (host) with the express purpose of protecting that system from unauthorized users.
Jackpoints: Any physical location that provides access to the Matrix.
Local Telecommunication Grid (LTG): A Grid covering a small area (neighborhoods, cities). numerous LTGs connect to a single RTG.
Masking: The ability of a Decker's Persona to conceal itself in the Matrix.
Matrix: The world telecommunications network.
MPCP: Master Persona Control Program, the master operating system of a cyberdeck.
Node: Part of a host, such as a subsystem, usually represented by a virtual landscape.
Open-Access Grid: Each grid is connected individually to the LTG.
Persona: A deckers icon.
Persona Program: One of the four programs (Bod, Evasion, Masking, or Sensors) that defines the personas “Attributes.”
Private Grid Access: A PLTG network with all the hosts inside a separate system (the PLTG) , access to the PLTG is required before hosts can be accessed.
Private Locale Telecommunication Grid (PLTG): Any grid which the general public cannot access.
Regional Telecommunication Grid (RTG): The largest type of grid, RTGs cover entire countries.
Sculpted System: Matrix hosts with detailed, non-standard iconography, usually encompassing a particular metaphor.
Security Decker: A decker employed by a corporation or law enforcement agency to protect certain Matrix areas from deckers.
Sensors: The ability for the Decker's Persona to filter the Matrix datastream for important information, similar to a 'perception' in the real world.
Simsense: Hardware and programs that enable a person to experience the reality of what has happened to someone else.
Slave: Host's resistance to unauthorized operation of remote devices.
Subsystem: The five operational aspects of any Grid or host, such as Access, Control, and so forth.
System Access Nodes (SANs): The icon connection between host computers or grids to other host computers or grids.
Tiered Access Grid: First host is connected to the grid, further hosts are connected to the first host.
Tortoise: Decker slang for cyberterminals.
Universal Matrix Standards (UMS): The standard iconography that is currently falling out of fashion in the Matrix.