A while back I wrote a review of Vormetric CoreGuard, an appliance which provides system-level encryption for files. In the review I stated that the solution increased database security, but I didn't really get a chance to explore that topic. Controlling access to certain aspects of the database is only one part of security. You also need to control access at the OS level, and CoreGuard fills this hole rather ni A while back I wrote a review of Vormetric CoreGuard, an appliance which provides system-level encryption for files. In the review I stated that the solution increased database security, but I didn’t really get a chance to explore that topic. Controlling access to certain aspects of the database is only one part of security. You also need to control access at the OS level, and CoreGuard fills this hole rather nicely.The grim reality is that databases can be hacked very easily from an OS level and there’s really little even the best DBAs can do about it. I was reminded about the dangers of this kind of attack in the SQL Server Professional newsletter a couple months or so back. I’m expanding on that example here. What follows is a trick you can pull out to get your system back should someone take control, but you can also use it to gain control. Here’s how it works: To gain full admin access to a SQL Server database, simply stop the service. Then copy the master.mdf and mastlog.ldf files to any other server that already has SQL Server on it. From here, you have a couple choices. You can attach it under a different name like masterHack, or whatever you like. Then look in the sysxlogins table, and using either a hex editor or another copy of SQL, simply set the sa password to whatever you like and replace the value in the password column with the hex value of what you typed. The easiest way to do this is to simply create a local SQL account and set the password to null. Then, just set the sa password to that value with a simple join. After that, just detatch the database, and copy the files back to the original server and put them in the same place they were. Turn the service back on and you now have full access to SQL Server. It’s really that easy. Now that you have access, go ahead and lock out the rest of the admins so they can’t take control back. Depending on the security they’ve set up in their environment, feel free to connect to any other SQL box you find and lock the admins out of that too, and if you’re lucky enough for them to be running SQL under a domain account with elevated privileges, then go ahead and use xp_cmdshell to execute any DOS command you like. Gaining sa access of a SQL box can be an extremely powerful thing, and I would say that most companies don’t realize how much power their DBAs have. This method isn’t limited to SQL Server either. In fact, most databases have a similar method for hacking into their environment. True, you have to have some level of access to begin with, but that doesn’t have to be Windows admin access. You just need rights to act as a service, and plenty of programs have that, and plenty of developers have the passwords to those accounts. Using CoreGuard to encrypt your database files and then restrict access to a digitally signed version of your RDBMS on that box will stop this type of attack cold. Think about it. This is one of those big security holes that everyone talks about, yet few take reasonable steps to prevent. And again, you can use this same method to regain control of your environment as long as you haven’t been completely locked out. From SQL you can lock out all Windows admins, change IPs, create shares, FTP sensitive data up to your server… whatever you like.This is no game. Don’t end up on the unfortunate end of an OS-level attack, wishing you had done something when you had the chance. Databases