
Installing mod_ssl on Apache: X.509, Certificate Authority, digital signatures explained


If you want to secure connections to a resource on your Apache web server using public key encryption, you can add the mod_ssl module to Apache for that purpose.

Here is the list of things that are explained in this tutorial:-

  1. Installing OpenSSL
  2. Public key encryption standard
  3. Certificate Signing Authority (CA) and Digital Signatures
  4. Creating the Digital Certificate
  5. Installing the certificates and keys in the proper directory
  6. Setting up the Apache configuration (httpd.conf)
  7. Testing the configuration


1. Installing OpenSSL

The Apache web server now comes bundled with OpenSSL and the mod_ssl module. You can directly download version 2.13 of the Apache web server from this link.

We need OpenSSL for producing digital certificates; what these are will be examined later on.

Just open and run the installer, and after you have done that proceed to the second step. Note that on Windows you may also need to download the OpenSSL module separately, and you also need the Visual C++ modules for it to run. You can download these from this link.


2. Public key encryption standard:-

Public key encryption, in short, works as follows:-

The server generates a secret private key that is used for encrypting the contents, and also generates a corresponding public key that is forwarded to the client, which uses it to decrypt the contents of the message.

The client, on the other hand, sends its private information by encrypting it with the server's public key so that only the server is able to decrypt the contents, as it is presumed that only the server is in possession of the private key.



3. Certificate Signing Authority (CA) and Digital Signatures:-

The only problem with the previous scheme is that the client cannot be sure that the sender is who he claims to be. This is where a CA comes in: it is responsible for verifying the details of the sender and issuing the X.509 digital certificate to it. The X.509 digital certificate contains the sender's public key and the hashed data about the CA itself, which is encrypted using the CA's private key (the hashed data encrypted using the CA's key serves as the digital signature of the CA), and it is sent back to the sender.

The sender (server), when sending information to the client, may choose to encrypt the entire contents or just calculate a SHA-1 hash and encrypt it using its private key, and it sends the X.509 digital certificate it obtained from the CA along with this.

There are many well-known certificate authorities, such as Verisign, whose certificates are not signed by any other authority because they are the root certificate authorities; their certificates already come pre-installed in browsers like Firefox and Internet Explorer. You can view them in Mozilla Firefox by going to Tools->Options->Advanced->Encryption and then choosing View Certificates.

On the client side, the X.509 digital certificate is first verified by using the CA's public key (stored in the browser in the CA certificate's public key info) to decrypt the hash sent in the X.509 digital certificate and comparing it with the hash calculated over the rest of the X.509 digital certificate that was sent. If these hash values match, the client can be sure that this certificate really was signed by the CA, and hence can be sure of the server that is sending the data. The client can then decrypt the contents of the message by using the public key found in the X.509 digital certificate.

This trusted third party scheme is secure because, in case the sender (server) loses its private key, it can ask the CA to revoke its certificate, which ensures that no one else can pretend to be the sender.

Once in a while, when viewing a site in Mozilla, you may encounter a warning message, as shown below, which warns you that you may be at risk viewing the website. This happens only because the certificate may be self-signed by the server or signed by a CA not known to the browser, so the authenticity of the sender cannot be known, and hence you should avoid sending personal details to a web server like that. However, if you do trust the server you can click on proceed; this saves the CA certificate of the server's CA in your browser, and you can then view the certificate as mentioned above. In our sample installation we are going to create our own CA and sign the certificate signing request ourselves to produce an X.509 digital certificate.

I hope this was informational enough theory and now we can really proceed with the installation of mod_ssl on apache.


4. Creating the X.509 digital certificate:-

To create the digital certificate we have to do the following 5 steps:-

  1. Generate the Server's Private and Public key
  2. Generate the CA's Private and Public key
  3. Generate the CA's X.509 Digital Certificate (Self-Signed)
  4. Generate the Server's Certificate Signing Request
  5. CA signing the certificate signing request

  1. Generate the Server's Private and Public key:-
    To generate the server's private key, execute the following command in the directory above the directory that contains the OpenSSL module, which on Windows would be (if you have installed it using the Windows binary) "C:\OpenSSL\bin":-

    openssl genrsa -out server.key 1024

    This command produces a private RSA key 1024 bits long, and you do not have to create a separate public key. You can choose to encrypt this key by adding the -des3 option after genrsa, which encrypts the key using the 3-DES symmetric encryption standard.

  2. Generate the CA's Private and Public key:-
    Repeat the same step as above to generate the private key for the CA, and this time also encrypt the key. You will be asked for a pass-phrase for the key, which will be required whenever you want to use that key. Now execute the following command.

    openssl genrsa -des3 -out CA.key 1024

  3. Generate the CA's X.509 Digital Certificate (Self-Signed):-
    Execute the following command to generate a self-signed X.509 digital certificate.

    openssl req -new -x509 -key CA.key -out cacert.pem -days 1095

    When you execute this command you will be asked for the pass-phrase of the key, which you entered in the previous step, so enter it and fill in the details asked for.
    This command produces a self-signed certificate (cacert.pem) using the encrypted RSA key CA.key, with a validity of 1095 days.

  4. Generate the Server's Certificate Signing Request:-
    Now execute the following command to generate the server's certificate signing request (CSR).

    openssl req -new -key server.key -out server.csr

    Enter the details as requested. This produces the CSR that would normally be sent to a real CA, but in our case we are our own CA, so we will sign the certificate on our own.

  5. CA signing the certificate signing request:-
    This command, when executed, signs the certificate request server.csr to produce an X.509 digital certificate signed by our own CA.

    openssl x509 -CA cacert.pem -CAkey CA.key -in server.csr -req -days 365 -out server.crt -CAcreateserial

    This command signs the certificate signing request. Note that the last option (-CAcreateserial) is required because there has to be a serial file server.crl for the CA to sign the certificate; it is required only the first time.
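
The five steps above as one unattended script, with the key size, digest and key encryption raised to current practice (2048-bit RSA, SHA-256, AES-256) and a subjectAltName added, followed by the two checks worth running before the files are installed. This is an added example, not the original author's commands; the subject names, the server.ext file and the CA_PASS variable are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: section 4's five steps, unattended, with current parameters.
# File names follow the tutorial; subject names, server.ext and CA_PASS are
# constructed for this demonstration.

make_chain() (                      # subshell body: cd and umask stay local
    umask 077                       # key files readable by their owner only
    mkdir -p "$1" && cd "$1" || exit 1
    : "${CA_PASS:=constructed-demo-passphrase}"; export CA_PASS

    # 1. Server key pair (the public key is derived from this file).
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    # 2. CA key pair, AES-256 encrypted; the passphrase comes from the
    #    environment so it never appears on the command line.
    openssl genrsa -aes256 -passout env:CA_PASS -out CA.key 2048 \
        2>/dev/null || exit 1
    # 3. Self-signed CA certificate.
    openssl req -new -x509 -sha256 -key CA.key -passin env:CA_PASS \
        -subj "/CN=Example Test CA" -days 1095 -out cacert.pem || exit 1
    # 4. Server certificate signing request.
    openssl req -new -sha256 -key server.key -subj "/CN=localhost" \
        -out server.csr || exit 1
    # 5. CA signs the CSR (-CAcreateserial writes cacert.srl). By default
    #    x509 -req copies no extensions from the CSR, so the subjectAltName
    #    that browsers match the host name against is supplied via -extfile.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:localhost\n' \
        > server.ext
    openssl x509 -req -sha256 -in server.csr -CA cacert.pem -CAkey CA.key \
        -passin env:CA_PASS -CAcreateserial -extfile server.ext \
        -days 365 -out server.crt 2>/dev/null || exit 1
)

# The check a client performs: does the certificate chain to cacert.pem?
# usage: chain_ok <dir> <certificate file>
chain_ok() {
    out=$(openssl verify -CAfile "$1/cacert.pem" "$2" 2>/dev/null) &&
        [ "$out" = "$2: OK" ]
}

# server.crt must carry the public half of server.key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory.
demo=$(mktemp -d) && make_chain "$demo" &&
    chain_ok "$demo" "$demo/server.crt" && key_matches_cert "$demo" &&
    echo "server.crt chains to cacert.pem and matches server.key"
rm -rf "$demo"
```

A certificate that was not signed by this CA, such as one self-signed with server.key, fails chain_ok; that is the condition behind the browser warning described in section 3.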

5. Installing the certificates and keys in the proper directory:-

The certificate and key files should be installed anywhere outside the web root directory of Apache, for example in a directory such as c:/secret. They should be kept outside the web root so that they are inaccessible to visitors of your site.



6. Setting up the Apache configuration (httpd.conf):-

There are many mod_ssl directives that you can use; I am just going to discuss some basic ones. For more information there is an excellent tutorial available at www.modssl.org


Here's the sample configuration

A few of the mod_ssl directives:-

  1. SSLEngine on/off :- This is the basic directive which enables or disables SSL on Apache. Prior to version 2 of Apache this was called SSLEnable/SSLDisable.
  2. SSLCertificateFile server_cert_file :- This specifies the certificate file for the server, i.e. the server's X.509 digital certificate. Use / for an absolute path or dir-name/file for a path relative to the Apache directory. In this case server.crt.
  3. SSLCertificateKeyFile server_key_file :- This specifies the private key file for the certificate file. In this case server.key.
  4. SSLCACertificateFile ca_cert_file :- This specifies the certificate file of the CA, i.e. the CA's self-signed X.509 digital certificate. Use / for an absolute path or dir-name/file for a path relative to the Apache directory. In this case cacert.pem.
  5. SSLRequireSSL :- This forbids access to a resource unless HTTP over SSL is enabled for the current active connection.
  6. SSLProtocol (SSLv2, SSLv3, TLSv1, All) :- By default all the protocols are enabled. You can disable a particular protocol like this: SSLProtocol all -TLSv1, which disables the Transport Layer Security protocol v1.
  7. SSLSessionCacheTimeout time_in_sec :- This sets the time in seconds for which the session key will be cached locally, after which the key will be changed.

Now you have to set up a virtual host for which HTTP over SSL, i.e. https, will be enabled.
You can create a name-based host or a host based on IP address. Here we are going to set up an IP-based virtual host.

Then we have to add the AddType directives so that Apache recognizes the certificate files and their extensions. We will be adding the following two directives:
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

But before copying the configuration into httpd.conf you have to enable the mod_ssl module there. To do that, open httpd.conf, scroll down to the LoadModule directives, find the one with the name mod_ssl and remove the # comment from before it, as shown in the following figure.




From the code box below just copy and paste the code into the httpd.conf




##############################################
############# mod_ssl configuration ############
# MIME types for certificate and CRL files
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# SSL stays off globally and is switched on only inside the virtual host below
SSLEngine off
# change these to the directory where your certificates are installed
# (server.crt is the certificate produced in step 4)
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key
SSLCACertificateFile conf/cacert.pem
# set the server to listen on port 8080
Listen 127.0.0.1:8080
<VirtualHost 127.0.0.1:8080>
# enable ssl engine for port 8080
SSLEngine on
SSLSessionCacheTimeout 300
SSLProtocol SSLv3
# here you can set up access to directories and authentication
# by using the <Directory dir_name> directive and AuthType, AuthName, etc.
</VirtualHost>
############# end mod_ssl conf ###############
##############################################
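
A check to run over a configuration like the one above before it goes live: SSLv3 has since been deprecated (RFC 7568), and section 5 asks for the key file to sit outside the web root. This is an added example, not part of the original tutorial; audit_ssl_conf, its finding labels, the C:/Apache/htdocs web root and both sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flags weak SSLProtocol settings and a private key stored
# under the web root. audit_ssl_conf and its labels are made-up names.

# usage: audit_ssl_conf <httpd.conf> <DocumentRoot>
audit_ssl_conf() {
    awk -v docroot="$2" '
        /^[ \t]*#/ { next }                      # ignore comment lines
        tolower($1) == "sslprotocol" {
            seen = 1
            for (i = 2; i <= NF; i++)            # no leading "-" means enabled
                if (tolower($i) ~ /^[+]?sslv[23]$/)
                    print "WEAK_PROTOCOL line " NR ": " $i
        }
        tolower($1) == "sslcertificatekeyfile" && index($2, docroot "/") == 1 {
            print "KEY_IN_WEBROOT line " NR ": " $2
        }
        END {                                    # section 6: default is "all"
            if (!seen) print "NO_SSLPROTOCOL: all protocols enabled by default"
        }
    ' "$1"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the tutorial's protocol line, key under the web root.
cat > "$tmp/weak.conf" <<'EOF'
SSLCertificateFile C:/Apache/htdocs/server.crt
SSLCertificateKeyFile C:/Apache/htdocs/server.key
<VirtualHost 127.0.0.1:8080>
SSLEngine on
SSLProtocol SSLv3
</VirtualHost>
EOF

# Constructed sample 2: key in c:/secret, legacy protocols switched off.
cat > "$tmp/fixed.conf" <<'EOF'
SSLCertificateFile C:/secret/server.crt
SSLCertificateKeyFile C:/secret/server.key
<VirtualHost 127.0.0.1:8080>
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
EOF

echo "weak.conf:";  audit_ssl_conf "$tmp/weak.conf"  C:/Apache/htdocs
echo "fixed.conf:"; audit_ssl_conf "$tmp/fixed.conf" C:/Apache/htdocs
```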




7. Testing the configuration:-

Now all you have to do is open the browser and type in the URL https://localhost:8080, after which your browser will display a warning message, as was mentioned before. The warning message looks like the following in Mozilla Firefox.

You should add an exception for this, after which the browser will download the CA certificate, and you should see the default Apache web server page if successful. In Mozilla, certificate details can be seen by clicking on the navigation bar as shown below.

That is about it. We have now set up and tested SSL over http, and I hope this tutorial was helpful in making you understand the concepts behind digital certificates (X.509) and the public key encryption standard, and in setting up mod_ssl on your Apache installation.


sysdate.exe: How to remove the trojan


The sysdate.exe file is a trojan that binds itself to the explorer.exe process with the help of the Windows registry, so that whenever explorer.exe starts, the trojan starts along with it. It goes by various names, such as 604.exe, 408.exe etc. The sysdate.exe file is stored in the recycle bin or the RECYCLER folder, which is hidden.

To heal your computer from the trojan follow these steps:-

  1. The first thing you need to do is empty your temp folder, where this trojan may be stored under different names like 604.exe etc. For this, open the Run prompt, type %temp% and delete all the executable files in it.

  2. Now you have to delete the actual sysdate.exe file, and for that you will have to manually delete it from the RECYCLER folder. The folder is a hidden system folder, so you cannot see it in the C drive. Execute the attrib command with the parameters -r -h -s to remove the Read-only (-r), Hidden (-h) and System (-s) attributes.
    To do this, open the command prompt and type the following command.

    attrib -r -h -s C:\RECYCLER


    You also have to repeat this step with the actual folder containing sysdate.exe under the RECYCLER folder. Execute the following command

    attrib -r -h -s C:\RECYCLER\S-1-5-21-832453443-4443154761-431384085-6428


    Here the folder name may vary because the trojan might be stored with a different folder name.

  3. To actually delete the file sysdate.exe, you first have to kill the explorer.exe process from the Task Manager. Press Ctrl+Alt+Del, then from the Processes tab select the explorer.exe process and press the Delete key or click on End Process. Now in the Task Manager go to the File menu and select New Task, click on the Browse button, navigate to the folder under the RECYCLER folder containing the file sysdate.exe and Shift+Delete it. Now delete the RECYCLER folder as well. Don't worry, the RECYCLER folder will come back, so there's no risk in deleting it.

  4. Now in the New Task menu of the Task Manager, type regedit and then navigate to the following key
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Now from the right window pane delete the Taskman key. Press F5 to check whether it reappears or not. If it does not, then you have successfully removed the trojan.

  5. Now navigate to the following registry key
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    and modify the Shell key by removing anything that follows explorer.exe.

  6. Now in the New Task menu of the Task Manager type explorer, which will restart the explorer process, and your system will be free from the trojan.

Alternate Solution:-

The attrib command can be skipped if you have a dual-boot OS: just mount the Windows partition and delete the files under the RECYCLER folder with ease.

Note: Before opening an external drive, it is always recommended to open it under the command prompt first and delete the autorun.inf file from it.
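
To confirm that steps 4 and 5 held after a reboot, the output of reg query for the two Winlogon keys can be saved to a file and checked on any machine with a POSIX shell. This is an added example, not part of the original post; check_winlogon, its finding labels and both sample outputs (including the data shown for Taskman and Shell) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: triage of saved `reg query` output for the Winlogon entries
# from steps 4 and 5. check_winlogon and the finding labels are made-up names.

# Reads `reg query` output on stdin and prints one line per finding.
check_winlogon() {
    awk '
        /^HK/ { key = $0; sub(/\r$/, "", key); next }   # key header line
        match($0, /[ \t]+REG_[A-Z_]+[ \t]*/) {          # Name  REG_type  Data
            name = substr($0, 1, RSTART - 1)
            data = substr($0, RSTART + RLENGTH)
            gsub(/^[ \t]+/, "", name)
            gsub(/[ \t\r]+$/, "", data)
            if (tolower(name) == "taskman")             # step 4: must be gone
                print "TASKMAN_PRESENT " key " -> " data
            else if (tolower(name) == "shell" && tolower(data) != "explorer.exe")
                print "SHELL_MODIFIED " key " -> " data # step 5: text after explorer.exe
        }
    '
}

# Constructed sample: both entries still in the state the steps clean up.
sample_infected() {
    cat <<'EOF'

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Taskman    REG_SZ    C:\RECYCLER\S-1-5-21-832453443-4443154761-431384085-6428\sysdate.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe C:\RECYCLER\S-1-5-21-832453443-4443154761-431384085-6428\sysdate.exe
EOF
}

# Constructed sample: the same keys after steps 4 and 5.
sample_clean() {
    cat <<'EOF'

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
EOF
}

echo "before cleanup:"; sample_infected | check_winlogon
echo "after cleanup:";  sample_clean | check_winlogon
```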


Get 100fps in Counter Strike 1.6


This tutorial provides you with tips on how to get a consistent 100fps or thereabouts.

Prerequisites:

  • An external graphics card, though it may be the case that an on-board card would suffice. I use an nvidia geforce 5200fx card in an 8x AGP (accelerated graphics port) slot. It is pretty cheap and old technology, as PCs now come with a PCI Express slot.
  • A DSL connection >256 kbits/sec: I am pretty sure people would have that much by now.

Settings:

1. Graphics card setting:

  • I am showing examples from the nvidia display driver; you should have similar options for ATI cards or any other graphics card.

  • The first step is to open the nvidia control panel by right clicking on the nvidia icon in the taskbar and choosing nvidia control panel. You can do the same by going to the Control Panel and opening it from there.

  • Now choose the "3d settings" option from the nvidia control panel. After that choose "adjust image settings with preview". Don't worry if you don't find that option; the important point is that you have to edit the 3d settings.

  • Then choose "use advanced 3d settings" and click on take me there as shown in the figure.

  • Choose the Global Settings tab, then choose the texture filtering option and select high performance from the drop-down list as shown in the figure below. This option is the most important, as it will cause a sharp rise in your fps.

  • Now choose the Vertical sync option and select force off. Also set anisotropic filtering to application controlled (as it is not allowed to be turned off in tournaments) and anti-aliasing to off. One more thing: if your graphics card is a dual-display card, then set hardware acceleration to single display performance mode. Apply these settings and move on to the game configuration part.

2. Configuring Counter Strike/CS1.6:

  1. Configuring start-up options and launch parameters:
  • Right click on the shortcut to your game and select Properties, then in the Target field append the parameters -noipx -sv_lan 0 +heapsize 250000 +sys_ticrate 1000. For example: "C:\Counter-Strike 1.6 + Half-Life\hl.exe" -game cstrike -noipx -sv_lan 0 +heapsize 250000 +sys_ticrate 1000. In the case of Steam, append them after the -applaunch 10 parameter.

  • Now launch the game, open the console by pressing the '`' character and type fps_max 101, and after that r_decals 300, rate 25000, cl_updaterate 101 and cl_cmdrate 101, because they must match your fps rate for better registry.

  • Now go to the video options and select OpenGL mode with a resolution of your choice; I personally use 800*600 resolution.

That's it, you should get 100 fps (hovering around 99-100). Do post your comments in case you find this post helpful or encounter any problem.


Dual core processors: The main logic


Dual core and quad core processors have become very popular nowadays, but the main reason behind their success is power management.

There are two basic concepts that one must know:-

Overclocking the processor:-

Let's say that ideally a normal single core processor takes x units of power to give x units of performance. Users generally tend to increase the performance by overclocking the processor, i.e. essentially increasing the clock frequency of the processor. If a user overclocks the processor, the performance increase is about 12-13 percent, but the power increase required for that is about 70 percent.

Under-clocking the processor:-

Now the interesting question is: what if we under-clock the processor, that is, decrease the clock frequency of the processor?

In this case we could get about 80 percent of the performance at roughly half the power. For example, we would get .8x units of performance at .5x units of power.

This is the concept utilized by dual core processors: instead of using a single processor we combine two processors and operate each of them at half of its power, so for the same power taken by a normal single core processor we get about a 70 percent increase in performance. This is the core reason behind the success of dual core processors.

Another major factor in dual core processors is that, because they operate at lower clock rates, the speed mismatch between the processor and the memory is reduced. This is relevant because processor clock rates have been increasing very fast while the corresponding increase in the clock rates of cache memory is not there, so a processor's clock cycles are not utilized properly and are wasted in memory read/write cycles.

Hence the concept of under-clocking also helps in reducing the speed mismatch between the memory and the processor.


Configure Hlds Server for Counter Strike 1.6


There are a few steps that you have to follow before you can create a dedicated server (HLDS) for Counter Strike 1.6.

The steps are:-

1. Configuring the router/modem: Follow these steps:-

  • Open any web browser and in the address bar type 192.168.1.1/main.html or 192.168.1.1/index.html or 192.168.1.1, whichever provides you with the advanced configuration menu.

  • After this a pop-up will ask you for the user name and password. The default user name and password pairs are admin, admin or admin, password; enter other values if you have modified the default settings.

  • Then choose Advanced Setup -> NAT -> Virtual Servers (don't worry if you cannot find the exact sequence; what really matters is that you are able to find the virtual servers option).

  • Now choose add a virtual server and repeat the following steps to open each of the ports shown in the table.

    a) Type the service name as shown in the table
    b) Type the start port as shown in the table
    c) Type the end port as shown in the table
    d) Choose the protocol as shown in the table
    e) Type 192.168.1.5 as the server IP
    f) Press the add server button.


    Server name        Start port   End port   Protocol
    Half life          6003         6003       TCP and UDP
    Half life          7001         7001       TCP and UDP
    Half life          27005        27005      UDP
    Half life          27010        27015      UDP
    Half life Server   27015        27015      UDP
    Half life Server   27016        27016      UDP

    After these steps the virtual server configuration of the modem should look like the following figure.

  • This finishes the modem's setup. Just note the DNS (Domain Name Server) IP on the modem's WAN info page; it will be used later.

2. Configuring the Local Area Connection:-

  • Open the Control Panel and switch to classic view.

  • Then open Network Connections.

  • Right click on the Local Area Connection and choose Properties.

  • Then scroll down, select the Internet Protocol (TCP/IP) option and click on the Properties button (refer to the following figure).

  • Choose the "use following ip address" radio button and enter the following:-
    a) IP address: 192.168.1.5
    b) Subnet mask: 255.255.255.0
    c) Default gateway: 192.168.1.1
    d) Preferred DNS server: Enter the address that you noted at the end of step 1


3. Adding the exception to Windows Firewall: The last step is to add an exception in the Windows Firewall for the HLDS server.

That's it, you are done. Do post comments in case you encounter any problem.
