Optimize File Size for the Web

Large files require more time to download. This isn't a huge issue when on campus, but off-campus Internet connections for students, faculty, and TAs alike can vary significantly in bandwidth. Low-bandwidth connections can make it very difficult for students to access large files when off-campus. Large files also increase course size and make higher demands on our Blackboard servers (hosted and managed by Blackboard).

How do files get so large?
Video content, audio content, and graphics: A picture is worth a thousand words, but takes up a lot more space than those 1,000 words.
Images, audio, and video content are great tools to use in courses, so to ensure students can access them, please follow these steps when creating your content:

1. Audio and Video files

Have your audio and video converted and streamed from our server. Visit media streaming services and fill out the media request form. This bypasses the need to use Blackboard as repository, and students can stream the content directly from our server. The media will be transferred to our helix or wowza streaming server and the url can be added to your course.

2. Images uploaded directly into Blackboard

Images can be created and manipulated in a variety of software types. When saving your images for upload save them either in .jpg format (for photograph images) or .png format (for diagrams, visio files, etc) to minimize their size.

3. Powerpoint and/or Word files containing images

Powerpoint presentations can be attached to a Blackboard content area in the same way any other file might be attached. If your file is bloated because of images, reduce the size of these files with the following steps:

  1. Once you have finished creating your presentation, save the file as you normally would.
  2. Click on any image in the file, This will display PowerPoint Picture Tools at the very top of the window. Click on Format, immediately beneath Picture Tools to open the Picture Toolbar.
  3. Click on the Compress Pictures icon close to the left-hand side of the Pictures toolbar. This will display the Compress Pictures Dialogue Box.
  4. Do not check the Apply to selected pictures only .
  5. Click Options and check the button next to Screen (150ppi), Click OK.
  6. Click OK once more.
  7. The images added to your PowerPoint are now compressed and the resolution is set for use of the web. Save this PPT file to your hard drive under a different file name so that you retain your original file and the compressed file. Upload the compressed file to your Blackboard course.
  8. This same set of steps can be used to compress a Word file with images.

4. Pdfs of scanned documents
Scanned documents can produce very large files, often because of incorrect scanner settings. When scanning documents, make sure the scanner/copier is set up to scan in "black and white" document mode, and not a true color setting.

January 01, 2012

Secunia PSI

Secunia PSI is a security tool designed to detect vulnerable and outdated programs and plug-ins. These vulnerabilities expose your PC to attacks which are rarely blocked by traditional anti-virus due to the fact they exploit programs already on your computer and are therefore increasingly "popular" among criminals. Order/Download Now

The only solution to prevent these types of attacks is to apply security updates, commonly referred to as patches, to every piece of software and plugin on your system. Finding and applying these patches is a tedious and time consuming task. Secunia PSI automates identifying vulnerable software and alerts you when your programs and plug-ins require security updates. Secunia PSI will also alert you when software reaches the end of a support life cycle and may require an upgrade.

Note:  The default installation of the PSI client automatically updates Java and will automatically install updates that may cause incompatibilities UAB systems including Blackboard Vista, Oracle HR/Finance, and Banner.  

There are two methods of configuring PSI and working with automatic updates.  Please choose the appropriate one.

  1. Update Approval before Automatic Updates (Risk is not reviewing Secunia)
  2. Automatic Updates and ignoring Java (Risk is ignoring java)

Update Approval before Automatic Updates

Execute the PSI installer, click Next and then accept the License Agreement.

On the screen marked "Auto-Update Configuration" check the box "Require user-interaction before each Auto-Update"; click Next.

Click Next through the remainder of the install screens and click "Finish."

After installer finishes launch the PSI client.

The client will immediate start a scan.  Close the popup and wait for the scan to finish.

Scan results will likely show that there are insecure programs present.

Approving Updates

For software that has pending updates.  Those updates can generally be applied by left clicking the Approve Update link at the right hand side of the scan results page.  Sometimes the software cannot be automatically updated and will require the user to download and install the update manually.  In this case, clicking the update link will direct the user to the appropriate website to download the patch.

Ignore Java Updates and allow unprompted automatic updates

This configuration can leave Java as a risk that will never be identified.  However, it will automatically update many packages without user interaction.

Execute the PSI installer, click Next and then accept the License Agreement.

On the screen marked "Auto-Update Configuration" check the box "Require user-interaction before each Auto-Update"; click Next.

Click Next through the remainder of the install screens and click "Finish."

After installer finishes launch the PSI client.

The client will immediate start a scan.  Close the popup and wait for the scan to finish.

Scan results will likely show that there are insecure programs present.

View the scan results and take note of the location of the unpatched version of java and any other programs that should not be automatically updated.

Expand the Configuration menu on the left and select “Settings.”

Select the “Ignore Rules” tab at the top of the configuration screen.

Select “Create Ignore Rule” and name it java (or whatever program needs exclusion). Enter the location to the program in the box labeled “Rule Path”.

Clicking OK should immediately exclude the program from the scan list.

Finally, re-enable auto-updates for all programs that are not excluded. Select the PSI Settings tab and uncheck “Prompt before running automatic program updates.”

The computer will now update installed software automatically.

1. Overview

The IT Administrator's view of Secunia is via the "Secunia CSI" Console.   There are two subcomponents available.  

  • Deploying Secunia CSI Agents (Scan systems for software vulnerabilities)
  • Deploying Secunia PSI Agents (Scan systems for software vulnerabilities, provide some automatic patching and give reporting to end user).

1.1 Notes

  • UAB has a site license (currently through Fall 2013) for this software though there are license counts associated with the software and administrator accounts.
  • Secunia PSI can only have 1 linkID per reporting subaccount!
  • Secunia PSI can be configured to report to a CSI instance or be standalone. Personally owned devices should generally use the non-reporting PSI.
  • UAB IT's initial deployment does not include pushing patches via WSUS. How to accomplish this on top of our existing WSUS processes and coming Forefront-based processes is being examined.

2. PSI Usage

If you are only worried about one or two systems (like a workstation), use the end user install of secunia PSI.

3. CSI Usage

Full documentation is available at http://secunia.com/vulnerability_scanning/corporate

  • Establishing Subaccounts. Each subaccount is a unique set of reporting views and licensing counts. Accounts can either be subordinate or they can be a "shadow" of an existing account.
  • Reporting (AdHOc or Scheduled Email); Several are available including static URLs that you can include in existing webpages as a dashboard for system status.
  • Integration with Secunia PSI;
  • Patch deployment Integration with WSUS or SCCM; This requires your own WSUS infrastructure. UAB IT is currently examining how to offer third party patches beyond Microsoft.

3.1 Getting Started with CSI

  1. Contact AskIT@uab.edu and request an account. Please indicate an approximate number of systems and other administrators you will need.
  2. You will receive an email with your account username and password from Secunia int_esm@secunia.com.
  3. Download and install the CSI Management console from http://secunia.com/vulnerability_scanning/corporate
  4. Login to the CSI Console with your assigned username and password. You can change your password at anytime.

3.2 Downloading CSI Agent

Please note that a csia.exe download is bound to an account.  If you end up with multiple accounts, please make sure to keep your csia.exe unique.

  1. Go to Scan > Scheduled Scanning > Download Agent; There is also a manual available on this screen.
  2. Choose an installation methodology. At the end of this document is an example script that will run csia.exe using the -NAME of the hostname as the "group" .

3.3 Downloading a Linked PSI Agent

PSI agents are nice for situations where end users take some responsibility for the software they install and keep up to date.   Please refer to end-user documentation for dealing with some of the caveats associated with PSI, especially with Java.

  1. Go to Scan > PSI Integration > Download Custom PSI
  2. Create a unique LinkID for your area. This cannot be changed.
  3. Save the custom installer as PSISetup!.exe; The name of the installer should not be changed.

3.4 Creating a shadow account

This is an account with the same reporting scope as an existing account.

  1. Navigate to User Management > Shadow Accounts
  2. Click New Shadow Account
    • Name: Real Name
    • UserName: blazerid@Uab.edu
    • Email: blazerid@uab.edu
    • Click "Generate Password"
    • Select the level of access they need to have to your main account
      • Read/Write (Can make changes/delete hosts/regroup systems)
      • Read (Can view reports/system status)

3.5 Creating a subaccount

This is an account with a new reporting scope.  This will not roll up into your main set of reports.  This is useful for delegated responsibility situations such as labs.  If you want someone else to have the same rights as you, create a shadow account!

  1. Navigate to User Management > Accounts
  2. Click New Account

4. Secunia CSI Login Scripts

This script is suitable for being used as a login script or as a scheduled task.   Please share any suggested changes to this script.

' NAME: runsecunia.vbs
' AUTHOR: Chris Green cmgreen@uab.edu
' AUTHOR: Aaron Blum    ablum@uab.edu
' DATE  : 2/2/2011
' DATE  : 5/1/2012 (updated)
'  Runs the Secunia csia agent (different visibility scopes per user) and
'    sets the site to the active OU|
'     5/1/2012 - Updated Script to work with Secunia 5.0 Agent
'     2/2/2011 - Made csia execute in background.
' This default configuration assumes that the csia.exe file is
'   in the "C:\Secunia\" folder and that logs are to be placed
'   in the "C:\Secunia\logs" folder.
' It also configures the agent to check-in every two days
'  This can be modify by adjusting the flag after the -i in SecuniaCmd
' Change these values where needed.
' SEC (AKA Chris Green) Login Script

 'On Error Resume Next

'' full path to CSI Program
''const CsiaPath = "%ProgramFiles%\Secunia\csia.exe"
const CsiaPath = "C:\Secunia\csia.exe"
'' Output log directory, Log will be username.sec
''const LogPath = "%ProgramFiles%\Secunia\logs\"
const LogPath = "C:\Secunia\logs\"
'' Run in foreground?
const bInteractive = False

Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Overwrite the last instance of the logs
Dim objLogPath, ouGuess, idxDash, secuniaCmd
objLogPath = LogPath & objNetwork.UserName & ".sec"
Set objLog = objFSO.OpenTextFile(objLogPath,2,true)

TimeStamp = Year(now) & "-" & Month(now) & "-" & Day(now) & "-" & Hour(now) & Minute(now)
ouGuess = "ADLogonScript"
idxDash = InStr(1,objNetwork.computername, "-", 1) - 1

If idxDash > 0 Then
   ouGuess =  Mid(objNetwork.computername, 1, idxDash)
End If  

objLog.WriteLine("[*] Secunia " & objNetwork.UserName & "@" & objNetwork.computername & " on " & Now)

secuniaCmd = CsiaPath & " -i 2D -L -g " & ouGuess & " -v --skipwait -d " & LogPath & TimeStamp & "_csia.log"
objLog.WriteLine("[*] Secunia Executing with " & secuniaCmd)

If bInteractive Then
                set oExec = objShell.Exec(secuniaCmd)

                ' Wait for the scan to complete
                Do While Not oExec.StdOut.AtEndofStream
                                strText = oExec.StdOut.ReadLine()

                objLog.WriteLine("[*] Secunia Exited with " & oExec.Status & " on " & objNetwork.UserName & "@" & objNetwork.computername & " on " & Now)

    '' Close the output file, hide csia in the background
                objShell.Run "cmd /c " & secuniaCmd & ">>" & objLogPath, vbHide
End If