☛ Preferring NT authentication

☛ Using server, database and application roles to control access to the data

☛ Securing the physical database files using NTFS permissions

☛ Using an unusable SA password, restricting physical access to the SQL Server

☛ Renaming the Administrator account on the SQL Server computer

☛ Disabling the Guest account, enabling auditing using multiprotocol encryption,

☛ Setting up SSL, setting up firewalls, isolating SQL Server from the web server