CA DLP r12.0 Stored Data - NIST NSRL Database

 

CA Release Date: September 2009

RDS Version: 2.24, March 2009

Contents

1. Introduction

2. What is a NIST database?

3. RDS version

4. Attach a NIST database

 

1. Introduction

This CD contains a NIST database of known files that has been configured for use by the CA DLP File Scanning Agent (FSA). The FSA can use this database to identify files that do not need scanning.  i  Although this version of the NIST database was released in conjunction with CA DLP r12.0, you can deploy it, if required, with earlier versions of the CA DLP product (previously called Orchestria APM).

2. What is a NIST database?

Also known as the National Software Reference Library (NSRL), this is a database of known benign and malicious files. The database is maintained by the National Institute of Standards and Technology (NIST). From the NIST Web site: "The NSRL provides a repository of known software, file profiles, and file signatures for use by law enforcement and other organizations in computer forensics investigations." The purpose of the NSRL is to ease the burden of investigating computer files. A typical desktop computer can contain over 100,000 files, so investigators need to eliminate as many known files as possible from having to be reviewed. For further details, see the NIST Web site: http://www.nsrl.nist.gov

3. RDS version

The file signatures and identifying information in the database, called the Reference Data Set (RDS), is distributed through NIST’s Standard Reference Data Group as NIST Special Database 28. The RDS version included on this CD, configured for use by the CA DLP FSA, is: Version 2.24, March 2009

4. Attach a NIST database

You must install the NIST database before installing the FSA. Specifically, you must attach the WGN_NIST database to any instance of SQL Server 2005 or 2008. To do this: Run installNIST.cmd. Find this file on your CA DLP distribution media for the NIST database. You must run this command file on the SQL Server host machine. This command file prompts you for the path to the target folder for the NIST database. It then attaches a WGN_NIST database to the target instance of SQL Server. To do this, it installs the following data and transaction log files: WGN_NIST.mdf WGN_NIST_log.ldf After successfully attaching the WGN_NIST database, you are ready to install the FSA. As part of the FSA installation, you must also install the NIST Database Connector. See the Deployment guide for details; search the index for 'FSA: installing'.