SQL server security

I've installed SQL Server 2000 on our server and setup a database with all the default settings.

How can I lock down the database to prevent unauthoriozed access, either via the web, or via internal systems.

I'm particularly interested in creating a single username and password login, like most ISP's use to maximise the security?

Web resources for SQL Server security

SQLSecurity.com Independent site that provides updates and information on securing SQL Server; lots of good information and free tools
http://www.sqlsecurity.com

10 Steps to Help Secure SQL Server 2000 Microsoft provides the base-line recommendations that will go a long way toward helping users secure their SQL Server systems
http://www.microsoft.com/sql/techinf...gsqlserver.asp

Microsoft Baseline Security Analyzer Free Microsoft tool for finding unpatched Windows systems and applications on networks
http://www.microsoft.com/technet/tre...hnet/security/ tools/mbsahome.asp

Cheers Smokie.

I was just looking at the baseline security analyser too!

Block 1433 on your firewalls, change the port to be some other random number - e.g. 55124

Make sure SA has a VERY strong password, and make sure you write it down and keep it under lock and key, then set up another slightly less privilaged account for your database work.

Make a seperate IIS account which can have very limited privilages. (i.e. no create, alter etc...)

And read the links from smokie