Nodes allow decker to perform actions based on the type of node. Data nodes contain files that can be downloaded, edited or deleted. IO nodes can be disabled or enabled. Security nodes allow decker to cancel system alert. CPU nodes allow decker to gain map of nodes, create backdoor access or shutdown the whole system.
Any use of these actions require use of Stealth software. If no Monitor ICE is present, decker only has to overcome node rating. If Monitor ICE is present in the node, the skill check is harder by the rating of the ICE. Monitor ICE will also raise alert when unauthorized node action is detected. Because of this risk, deckers will usually try to Deceive or destroy Monitor ICE first to make node actions safer and avoid system alerts.
When the Monitor ICE is alerted to decker’s presence, it will block all node actions and try to raise system alert. It will also alert any other ICE in the same node. If the node is CPU node, the ICE may attempt to shutdown the system to disconnect all users.
When system is alerted, all ICE in the system are notified. Those dedicated to reaction security will move to node where the alert originated from to deal with the intruder. System alert can last even after the decker has disconnected or was kicked from the system. Red alert is usually decreased to yellow as soon as any active threat to system is removed. Yellow alert can remain in place in the system for several days depending on the system security. If mission contract specified that no alert can be raised, the mission fails as soon as the Red alert is set in the system, regardless of whether decker is later able to cancel it using Security node.