CIS9340Chapter 20-Security and Administration.pdf
CIS 9340 CHAPTER 20
SECURITY AND ADMINISTRATION

The term security refers to the protection of the database against unauthorized access, either intentional or accidental.

Database security
The mechanisms that protect the database against intentional or accidental threats.

Security considerations apply not just to the data held in a database: breaches of security may affect other parts of the system, which may in turn affect the database. Consequently, database security encompasses hardware, software, people, and data. Implementing security effectively requires appropriate controls, defined in specific mission objectives for the system.

A database represents an essential corporate resource that should be properly secured using appropriate controls. We consider database security in relation to the following situations:
• theft and fraud;
• loss of confidentiality (secrecy);
• loss of privacy;
• loss of integrity;
• loss of availability.

Theft and fraud affect not only the database environment but also the entire organization. As it is people who perpetrate such activities, attention should focus on reducing the opportunities for this occurring. Theft and fraud do not necessarily alter data, as is the case for activities that result in either loss of confidentiality or loss of privacy.

Confidentiality refers to the need to maintain secrecy over data—usually only data that is critical to the organization—whereas privacy refers to the need to protect data about individuals. Breaches of security resulting in loss of confidentiality could, for instance, lead to loss of competitiveness, and loss of privacy could lead to legal action being taken against the organization.

Loss of data integrity results in invalid or corrupted data, which may seriously affect the operation of an organization.
Many organizations are now seeking virtually continuous operation, the so-called 24/7 availability (that is, 24 hours a day, 7 days a week).

Loss of availability means that the data, or the system, or both cannot be accessed, which can seriously affect an organization’s financial performance. In some cases, events that cause a system to be unavailable may also cause data corruption.

Threat
Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization.

A threat may be caused by a situation or event involving a person, action, or circumstance that is likely to bring harm to an organization. The harm may be tangible, such as loss of hardware, software, or data, or intangible, such as loss of credibility or client confidence. The problem facing any organization is to identify all possible threats. Therefore, as a minimum, an organization should invest time and effort in identifying the most serious threats. Any threat must be viewed as a potential breach of security that, if successful, will have a certain impact.

Potential threats and users

Countermeasures—Computer-Based Controls
The types of countermeasure to threats on computer systems range from physical controls to administrative procedures. Despite the range of computer-based controls that are available, it is worth noting that generally, the security of a DBMS is only as good as that of the operating system, owing to their close association.

The computer-based security controls for a multi-user environment (some of which may not be available in the PC environment) are:
• authorization,
• access controls,
• views,
• backup and recovery,
• integrity,
• encryption,
• RAID technology.
Authorization
The granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s object.

Authorization controls can be built into the software and govern not only what system or object a specified user can access, but also what the user may do with it. The process of authorization involves authentication of subjects requesting access to objects, where “subject” represents a user or program and “object” represents a database table, view, procedure, trigger, or any other object that can be created within the system.

A system administrator is usually responsible for allowing users to have access to a computer system by creating individual user accounts. Each user is given a unique identifier, which is used by the operating system to determine who they are. Associated with each identifier is a password, chosen by the user and known to the operating system, which must be supplied to enable the operating system to verify (or authenticate) who the user claims to be.

This procedure allows authorized use of a computer system but does not necessarily authorize access to the DBMS or any associated application programs. A separate, similar procedure may have to be undertaken to give a user the right to use the DBMS. The responsibility to authorize use of the DBMS usually rests with the Database Administrator (DBA), who must also set up individual user accounts and passwords using the DBMS itself. Some DBMSs maintain a list of valid

Access Controls
The typical way to provide access controls for a database system is based on the granting and revoking of privileges. A privilege allows a user to create or access (that is read, write, or modify) some database object (such as a relation, view, or index) or to run certain DBMS utilities. Privileges are granted to users to accomplish the tasks required for their jobs.
Discretionary Access Control (DAC)
Most commercial DBMSs provide an approach to managing privileges that uses SQL called Discretionary Access Control (DAC). The SQL standard supports DAC through the GRANT and REVOKE commands. The GRANT command gives privileges to users, and the REVOKE command takes away privileges.

Mandatory Access Control (MAC)
Mandatory Access Control is based on system-wide policies that cannot be changed by individual users. In this approach each database object is assigned a security class and each user is assigned a clearance for a security class, and rules are imposed on reading and writing of database objects by users. The DBMS determines whether a given user can read or write a given object based on certain rules that involve the security level of the object and the clearance of the user.

Bell–LaPadula model
A popular model for MAC is called the Bell–LaPadula model (Bell and LaPadula, 1974), which is described in terms of objects (such as relations, views, tuples, and attributes), subjects (such as users and programs), security classes, and clearances. Each database object is assigned a security class, and each subject is assigned a clearance for a security class. The security classes in a system are ordered, with a most secure class and a least secure class. For our discussion of the model, we assume that there are four classes: top secret (TS), secret (S), confidential (C), and unclassified (U), and we denote the class of an object or subject A as class(A). Therefore for this system, TS > S > C > U, where A > B means that class A data has a higher security level than class B data.

The Bell–LaPadula model imposes two restrictions on all reads and writes of database objects:
(1) Simple Security Property: Subject S is allowed to read object O only if class(S) ≥ class(O). For example, a user with TS clearance can read a relation with C clearance, but a user with C clearance cannot read a relation with TS classification.
(2) *-Property: Subject S is allowed to write object O only if class(S) ≤ class(O). For example, a user with S clearance can only write objects with S or TS classification.

If discretionary access controls are also specified, these rules represent additional restrictions. Thus, to read or write a database object, a user must have the necessary privileges provided through the SQL GRANT command.

Multilevel Relations and Polyinstantiation
In order to apply mandatory access control policies in a relational DBMS, a security class must be assigned to each database object. The objects can be at the granularity of relations, tuples, or even individual attribute values. Assume that each tuple is assigned a security class. This situation leads to the concept of a multilevel relation, which is a relation that reveals different tuples to users with different security clearances.

A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request. The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users. The user is not aware of the existence of any attributes or rows that are missing from the view. A view can be defined over several relations with a user being granted the appropriate privilege to use it, but not to use the base relations.
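The two Bell–LaPadula rules and the multilevel relation described above, as an added example in Python that is not part of the original slides. It goes slightly beyond the text by also showing polyinstantiation (the same key stored at two security classes); the MultilevelRelation class, the user names and the Staff rows are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Security classes from the text, ordered TS > S > C > U."""
    U = 0
    C = 1
    S = 2
    TS = 3


def can_read(subject: Level, obj: Level) -> bool:
    """Simple Security Property: read only if class(S) >= class(O)."""
    return subject >= obj


def can_write(subject: Level, obj: Level) -> bool:
    """*-Property: write only if class(S) <= class(O)."""
    return subject <= obj


@dataclass(frozen=True)
class Row:
    key: str
    data: str
    level: Level  # security class assigned to this tuple


class MultilevelRelation:
    """Hypothetical in-memory relation with DAC grants plus per-tuple MAC."""

    def __init__(self, name):
        self.name = name
        self.rows = []
        self.grants = set()  # (user, privilege) pairs, standing in for SQL GRANT

    def grant(self, user, privilege):
        self.grants.add((user, privilege))

    def revoke(self, user, privilege):
        self.grants.discard((user, privilege))

    def _check_dac(self, user, privilege):
        # MAC rules are additional restrictions: the DAC privilege comes first.
        if (user, privilege) not in self.grants:
            raise PermissionError(f"{user} lacks {privilege} on {self.name}")

    def select(self, user, clearance):
        """Return only the tuples the subject may read (no read up)."""
        self._check_dac(user, "SELECT")
        return [r for r in self.rows if can_read(clearance, r.level)]

    def insert(self, user, clearance, row):
        """Insert a tuple if DAC and the *-Property both allow it."""
        self._check_dac(user, "INSERT")
        if not can_write(clearance, row.level):
            raise PermissionError(f"{user} may not write down to {row.level.name}")
        # The key is unique per security class only. Rejecting a key that
        # exists at a higher class would tell a low subject that the hidden
        # tuple exists, so both versions are stored (polyinstantiation).
        if any(r.key == row.key and r.level == row.level for r in self.rows):
            raise ValueError(f"duplicate key {row.key} at class {row.level.name}")
        self.rows.append(row)


def demo():
    """Constructed data: two users of a Staff relation with different clearances."""
    staff = MultilevelRelation("Staff")
    for user in ("ann", "bob"):
        staff.grant(user, "SELECT")
        staff.grant(user, "INSERT")

    staff.insert("ann", Level.S, Row("SG37", "salary 30000", Level.S))
    staff.insert("bob", Level.C, Row("SG14", "salary 18000", Level.C))
    # bob cannot see ann's SG37 tuple, so his insert creates a second version.
    staff.insert("bob", Level.C, Row("SG37", "salary 12000", Level.C))

    try:
        staff.insert("ann", Level.S, Row("SG05", "salary 9000", Level.U))
        write_down = "allowed"
    except PermissionError:
        write_down = "denied"

    return {
        "bob_sees": sorted((r.key, r.level.name) for r in staff.select("bob", Level.C)),
        "ann_sees": sorted((r.key, r.level.name) for r in staff.select("ann", Level.S)),
        "write_down": write_down,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The same relation returns two tuples to the C-cleared user and three to the S-cleared user, and the S-cleared user's attempt to write a U tuple is refused.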
Backup
The process of periodically copying the database and log file (and possibly programs) to offline storage media.

A DBMS should provide backup facilities to assist with the recovery of a database following failure. It is always advisable to make backup copies of the database and log file at regular intervals and to ensure that the copies are in a secure location. In the event of a failure that renders the database unusable, the backup copy and the details captured in the log file are used to restore the database to the latest possible consistent state.

Journaling
The process of keeping and maintaining a log file (or journal) of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure.

A DBMS should provide logging facilities, sometimes referred to as journaling, which keep track of the current state of transactions and database changes, to provide support for recovery procedures. The advantage of journaling is that in the event of a failure, the database can be recovered to its last known consistent state using a backup copy of the database and the information contained in the log file. If no journaling is enabled on a failed system, the only means of recovery is to restore the database using the latest backed up version of the database.

Integrity
Integrity constraints also contribute to maintaining a secure database system by preventing data from becoming invalid, and hence giving misleading or incorrect results.

Encryption
The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.

If a database system holds particularly sensitive data, it may be deemed necessary to encode it as a precaution against possible external threats or attempts to access it. Some DBMSs provide an encryption facility for this purpose.
The DBMS can access the data (after decoding it), although there is a degradation in performance because of the time taken to decode it. Encryption also protects data transmitted over communication lines. There

Cryptosystem
To transmit data securely over insecure networks requires the use of a cryptosystem, which includes:
• an encryption key to encrypt the data (plaintext);
• an encryption algorithm that with the encryption key transforms the plaintext into ciphertext;
• a decryption key to decrypt the ciphertext;
• a decryption algorithm that with the decryption key transforms the ciphertext back into plaintext.

One technique, called symmetric encryption, uses the same key for both encryption and decryption and relies on safe communication lines for exchanging the key. However, most users do not have access to a secure communication line, and to be really secure, the keys need to be as long as the message (Leiss, 1982). However, most working systems are based on user keys shorter than the message.

Data Encryption Standard (DES)
One scheme used for encryption is the Data Encryption Standard (DES), which is a standard encryption algorithm developed by IBM. This scheme uses one key for both encryption and decryption, which must be kept secret, although the algorithm need not be. The algorithm transforms each 64-bit block of plaintext using a 56-bit key. The DES is not universally regarded as being very secure, and some authors maintain that a larger key is required. For example, a scheme called PGP (Pretty Good Privacy) uses a 128-bit symmetric algorithm for bulk encryption of the data it sends.

Keys with 64 bits are now probably breakable by major governments with special hardware, albeit at substantial cost. However, this technology will be within the reach of organized criminals, major organizations, and smaller governments in a few years.
Although it is envisaged that keys with 80 bits will also become breakable in the future, it is probable that keys with 128 bits will remain unbreakable for the foreseeable future. The terms “strong authentication” and “weak authentication” are sometimes used to distinguish between algorithms that to all intents and purposes cannot be broken with existing technologies and knowledge (strong) from those that can be (weak).

Asymmetric encryption
Another type of cryptosystem uses different keys for encryption and decryption, and is referred to as asymmetric encryption. One example is public key cryptosystems, which use two keys, one of which is public and the other private. The encryption algorithm may also be public, so that anyone wishing to send a user a message can use the user’s publicly known key in conjunction with the algorithm to encrypt it. Only the owner of the private key can then decipher the message. Public key cryptosystems can also be used to send a “digital signature” with a message and prove that the message came from the person who claimed to have sent it.

RSA
The most well known asymmetric encryption is RSA (the name is derived from the initials of the three designers of the algorithm).

RAID (Redundant Array of Independent Disks)
The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. This suggests having redundant components that can be seamlessly integrated into the working system whenever one or more components fail. The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans. Disk drives are the most vulnerable components, with the shortest times between failure of any of the hardware components. One solution is the use of Redundant Array of Independent Disks (RAID) technology.
RAID originally stood for Redundant Array of Inexpensive Disks, but more recently the “I” in RAID has come to stand for Independent. RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance. Performance is increased through data striping: the data is segmented into equal-size partitions (the striping units), which are transparently distributed across multiple disks.

There are a number of different disk configurations with RAID, termed RAID levels. A brief description of each RAID level is given here, with a diagrammatic representation for each of the main levels in. In this figure the numbers represent sequential data blocks and the letters indicate segments of a data block.
• RAID 0—Nonredundant. This level maintains no redundant data and therefore has the best write performance, as updates do not have to be replicated. Data striping is performed at the level of blocks. A diagrammatic
• RAID 1—Mirrored. This level maintains (mirrors) two identical copies of the data across different disks. To maintain consistency in the presence of disk failure, writes may not be performed simultaneously. This is the most expensive storage solution.
• RAID 0+1—Nonredundant and Mirrored. This level combines striping and mirroring.
• RAID 2—Memory-Style Error-Correcting Codes. With this level, the striping unit is a single bit and Hamming codes are used as the redundancy scheme.
• RAID 3—Bit-Interleaved Parity. This level provides redundancy by storing parity information on a single disk in the array. This parity information can be used to recover the data on other disks should they fail. This level uses less storage space than RAID 1, but the parity disk can become a bottleneck.
• RAID 4—Block-Interleaved Parity. With this level, the striping unit is a disk block—a parity block is maintained on a separate disk for corresponding blocks from a number of other disks. If one of the disks fails, the parity block can be used with the corresponding blocks from the other disks to restore the blocks of the failed disk.
• RAID 5—Block-Interleaved Distributed Parity. This level uses parity data for redundancy in a similar way to RAID 3 but stripes the parity data across all the disks, similar to the way in which the source data is striped. This alleviates the bottleneck on the parity disk.
• RAID 6—P+Q Redundancy. This level is similar to RAID 5, but additional redundant data is maintained to protect against multiple disk failures.

Security in Microsoft Office Access DBMS
SQL can be used to control access to a database through the SQL GRANT and REVOKE statements; however, Microsoft Office Access 2010 does not support these statements, but instead provides the following methods for securing a database:
• splitting the database;
• setting a password for the database;
• trusting (enabling) the disabled content in a database;
• packaging, signing, and deploying the database.

Splitting the database
The most secure way to protect data in a database is to store the database tables separately from the database application objects such as forms and reports. This action is referred to as “splitting” the database; Office Access 2010 provides a Database Splitter Wizard, available through the Access Database button of the Tools options in the Move Data section. Clicking the Access Database button displays the Database Splitter window. The location of the backend database is specified and once copied to the new location, the backend database can be further protected by assigning a password as described in the following section.
Setting a password for the database
A simple way to secure a database is to set a password for opening the database. Setting a password is available through the Encrypt with Password option in the File/Info section. Once a password has been set, a dialog box requesting the password will be displayed when the database is opened. Only users who type the correct password will be allowed to open the database. This method is secure, as Microsoft Access encrypts the password so that it cannot be accessed by reading the database file directly.

Trusting (enabling) the disabled content in a database
The Trust Center is a dialog box that can be used to trust (enable) the disabled content in a database. The Trust Center can be used to create or change trusted locations and to set security options for Office Access 2010 databases. Those settings affect how new and existing databases behave when they are opened in that instance of Access.

Packaging, signing, and deploying the database
The Package-and-Sign feature places the database in an Access Deployment (.accdc) file, signs the package, and then places the code-signed package in the desired location.

Oracle provides two types of security: system security and data security. As with Office Access, one form of system security used by Oracle is the standard user name and password mechanism, whereby a user has to provide a valid user name and password before access can be gained to the database, although the responsibility to authenticate users can be devolved to the operating system.

A privilege is a right to execute a particular type of SQL statement or to access another user’s objects. Some examples of Oracle privileges include the right to:
• connect to the database (create a session);
• create a table;
• select rows from another user’s table.
In Oracle, there are two distinct categories of privileges:
• system privileges;
• object privileges.

System privileges
A system privilege is the right to perform a particular action or to perform an action on any schema objects of a particular type.

Object privileges
An object privilege is a privilege or right to perform a particular action on a specific table, view, sequence, procedure, function, or package. Different object privileges are available for different types of object. For example, the privilege to delete rows from the Staff table is an object privilege.

Roles
A user can receive a privilege in two different ways:
(1) Privileges can be explicitly granted to users. For example, a user can explicitly grant the privilege to insert rows into the PropertyForRent table to the user Beech:
GRANT INSERT ON PropertyForRent TO username;
(2) Privileges can also be granted to a role (a named group of privileges), and then the role granted to one or more users. For example, a user can grant the privileges to select, insert, and update rows from the PropertyForRent table to the role named Assistant, which in turn can be granted to the selected user. A user can have access to several roles, and several users can be assigned the same roles.

Internet communication
Internet communication relies on TCP/IP as the underlying protocol. However, TCP/IP and HTTP were not designed with security in mind. Without special software, all Internet traffic travels “in the clear” and anyone who monitors traffic can read it. This form of attack is relatively easy to perpetrate using freely available “packet sniffing” software, as the Internet has traditionally been an open network. Consider, for example, the implications of credit card numbers being intercepted by unethical parties during transmission when customers use their cards to purchase products over the Internet.

The challenge is to transmit and receive information over the Internet while ensuring that:
• it is inaccessible to anyone but the sender and receiver (privacy);
• it has not been changed during transmission (integrity);
• the receiver can be sure it came from the sender (authenticity);
• the sender can be sure the receiver is genuine (nonfabrication);
• the sender cannot deny he or she sent it (nonrepudiation).

However, protecting the transaction solves only part of the problem.

Proxy Servers
In a Web environment, a proxy server is a computer that sits between a Web browser and a Web server. It intercepts all requests to the Web server to determine whether it can fulfill the requests itself. If not, it forwards the requests to the Web server.
Proxy servers have two main purposes: to improve performance and filter requests.

Improve performance
Because a proxy server saves the results of all requests for a certain amount of time, it can significantly improve performance for groups of users. For example, assume that user A and user B access the Web through a proxy server. First, user A requests a certain Web page and, slightly later, user B requests the same page. Instead of forwarding the request to the Web server where that page resides, the proxy server simply returns the cached page that it had already fetched for user A. Because the proxy server is often on the same network as the user, this is a much faster operation. Real proxy servers, such as those employed by Compuserve and America Online, can support thousands of users.

Filter requests
Proxy servers can also be used to filter requests. For example, an organization might use a proxy server to prevent its employees from accessing a specific set of Web sites.

A firewall
A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or as a combination of both.
They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall technique:
• Packet filter, which looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is a fairly effective mechanism and transparent to users, but can be difficult to configure. In addition, it is susceptible to IP spoofing. (IP spoofing is a technique used to gain unauthorized access to computers in which the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted source.)
• Application gateway, which applies security mechanisms to specific applications, such as FTP and Telnet servers. This is a very effective mechanism, but can degrade performance.
• Circuit-level gateway, which applies security mechanisms when a TCP or UDP (User Datagram Protocol) connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
• Proxy server, which intercepts all messages entering and leaving

Digital Certificates
A digital certificate is an attachment to an electronic message used for security purposes, most commonly to verify that a user sending a message is who he or she claims to be and to provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for a digital

Secure Sockets Layer and Secure HTTP
Many large Internet product developers agreed to use an encryption protocol known as Secure Sockets Layer (SSL) developed by Netscape for transmitting private documents over the Internet.
SSL works by using a private key to encrypt data that is transferred over the SSL connection.

The Secure Electronic Transactions (SET) protocol is an open, interoperable standard for processing credit card transactions over the Internet, created jointly by Netscape, Microsoft, Visa, Mastercard, GTE, SAIC, Terisa Systems, and VeriSign. SET’s goal is to allow credit card transactions to be as simple and secure on the Internet as they are in retail stores. To address privacy concerns, the transaction is split in such a way that the merchant has access to information about what is being purchased, how much it costs, and whether the payment is approved, but no information on what payment method the customer is using. Similarly, the card issuer (for example, Visa) has access to the purchase price but no information on the type of merchandise involved.

Java
Safety and security are integral parts of Java’s design, with the “sandbox” ensuring that an untrusted and possibly malicious application cannot gain access to system resources. To implement this sandbox, three components are used: a class loader, a bytecode verifier, and a security manager. The safety features are provided by the Java language and the Java Virtual Machine (JVM), and enforced by the compiler and the runtime system; security is a policy that is built on top of this safety layer. Two safety features of the Java language relate to strong typing and automatic garbage collection. In this section we look at two other features: the class loader and the bytecode verifier.

The class loader
The class loader, as well as loading each required class and checking it is in the correct format, additionally checks whether the application/applet violates system security by allocating a namespace. Namespaces are hierarchical and allow the JVM to group classes based on where they originate (local or remote).
A class loader never allows a class from a less protected namespace to replace a class from a more protected namespace. In this way, the file system’s I/O primitives, which are defined in a local Java class, cannot be invoked or indeed overridden by classes from outside the local machine. An executing JVM allows multiple class loaders, each with its own namespace, to be active simultaneously. As browsers and Java applications can typically provide their own class loader, albeit based on a recommended template from Sun Microsystems, this may be viewed as a weakness in the security model.

The bytecode verifier
Before the JVM will allow an application/applet to run, its code must be verified. The verifier assumes that all code is meant to crash or violate system security and performs a series of checks, including the execution of a theorem prover, to ensure that this is not the case. Typical checks include verifying that:
• compiled code is correctly formatted;
• internal stacks will not overflow/underflow;
• no “illegal” data conversions will occur (for example, integer to pointer)—this ensures that variables will not be granted access to restricted memory areas;
• bytecode instructions are appropriately typed;
• all class member accesses are valid.

The Data Administrator (DA) and Database Administrator (DBA) are responsible for managing and controlling the activities associated with the corporate data and the corporate database, respectively. The DA is more concerned with the early stages of the lifecycle, from planning through to logical database design. In contrast, the DBA is more concerned with the later stages, from application/physical database design to operational maintenance.
The Database Administration
The management of the data resource, which includes database planning, development, and maintenance of standards, policies and procedures, and conceptual and logical database design.

Data administration
The DA is responsible for the corporate data resource, which includes noncomputerized data, and in practice is often concerned with managing the shared data of users or application areas of an organization. The DA has the primary responsibility of consulting with and advising senior managers and ensuring that the application of database technologies continues to support corporate objectives. In some enterprises, data administration is a distinct functional area; in others it may be combined with database administration.

Database administration
The management of the physical realization of a database system, which includes physical database design and implementation, setting security and integrity controls, monitoring system performance, and reorganizing the database, as necessary.

The database administration staff are more technically oriented than the data administration staff, requiring knowledge of specific DBMSs and the operating system environment. Although the primary responsibilities are centered on developing and maintaining systems using the DBMS software to its fullest extent, DBA staff also assist DA staff in other areas, as indicated in Table 20.4. The number of staff assigned to the database administration functional area varies, and is often determined by the size of the organization.

Comparison
Data administration staff tend to be much more managerial, whereas the database administration staff tend to be more technical.