- Put a firewall between your server and the Internet.
- Always block TCP port 1433 (the default instance) and UDP port 1434 (the SQL Server Browser service) on your perimeter firewall. Named instances listen on other ports, assigned dynamically unless you configure a static one; enumerate those and block them too, since a rule that only names 1433 and 1434 leaves them exposed.
- In a multi-tier environment, use multiple firewalls to create screened subnets, so that only the tier directly in front of SQL Server can reach its ports and Internet-facing hosts never can.
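The following is an added example, not code from the original page: it derives the set of SQL Server listeners from host data (so named instances on dynamic ports are not missed), builds a perimeter rule set and a screened-subnet rule set from that, and checks what each rule set still lets a given source reach. The `netstat -ano` excerpt, the PID-to-image mapping, the `10.20.0.0/24` web tier and the `203.0.113.7` Internet address are all constructed for the example; the first-match, default-deny evaluator is a simplification of how a stateful firewall treats new inbound connections.

```python
"""Check that SQL Server listeners are blocked at the perimeter and reachable
only from the web tier. Added example; all sample data is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed `netstat -ano` excerpt from a SQL Server host: a default instance
# on TCP 1433, a named instance on a dynamic port (49812), SQL Browser on
# UDP 1434, and an unrelated RDP listener owned by svchost.exe.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:1433     0.0.0.0:0    LISTENING    1824
  TCP    0.0.0.0:49812    0.0.0.0:0    LISTENING    3552
  TCP    0.0.0.0:3389     0.0.0.0:0    LISTENING    980
  UDP    0.0.0.0:1434     *:*                       1204
"""
# Constructed PID -> image name mapping, as `tasklist` would report it.
SAMPLE_PIDS = {1824: "sqlservr.exe", 3552: "sqlservr.exe",
               1204: "sqlbrowser.exe", 980: "svchost.exe"}
SQL_IMAGES = {"sqlservr.exe", "sqlbrowser.exe"}


def sql_listeners(netstat_text, pid_to_image):
    """Return {(proto, port)} for sockets owned by SQL Server or SQL Browser.
    This catches named instances on dynamic ports that a fixed 1433/1434 rule misses."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, pid = parts[0], parts[1], int(parts[-1])
        if pid_to_image.get(pid) in SQL_IMAGES:
            found.add((proto, int(local.rsplit(":", 1)[1])))
    return found


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: ipaddress.IPv4Network      # source network the rule matches
    proto: Optional[str] = None     # None matches any protocol
    port: Optional[int] = None      # None matches any destination port


ANY = ipaddress.ip_network("0.0.0.0/0")
WEB_TIER = ipaddress.ip_network("10.20.0.0/24")   # constructed screened subnet


def evaluate(rules, src_ip, proto, port):
    """First-match evaluation with an implicit default deny."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in r.src and r.proto in (None, proto) and r.port in (None, port):
            return r.action
    return "deny"


def perimeter_rules(listeners):
    """Internet-facing firewall: an explicit deny for every SQL port on top of
    the default deny, so the block survives a later broad allow."""
    return [Rule("deny", ANY, proto, port) for proto, port in sorted(listeners)]


def screened_subnet_rules(listeners, web_tier):
    """Firewall between web tier and data tier: only the web tier may reach the
    SQL TCP listeners. SQL Browser (UDP 1434) is denied everywhere; clients
    name the instance's static port in the connection string instead.
    Denies are listed first so an allow below cannot override them."""
    rules = [Rule("deny", ANY, p, port) for p, port in sorted(listeners) if p == "UDP"]
    rules += [Rule("allow", web_tier, p, port) for p, port in sorted(listeners) if p == "TCP"]
    return rules


def exposed_from(rules, src_ip, listeners):
    """Which SQL listeners does this rule set let src_ip reach? Empty set is the goal."""
    return {(p, port) for p, port in listeners if evaluate(rules, src_ip, p, port) == "allow"}


def demo():
    listeners = sql_listeners(SAMPLE_NETSTAT, SAMPLE_PIDS)
    # A tempting but wrong perimeter policy: only the well-known ports are
    # denied, then a broad allow is added for "database access".
    sloppy = [Rule("deny", ANY, "TCP", 1433), Rule("deny", ANY, "UDP", 1434), Rule("allow", ANY)]
    return {
        "listeners": listeners,
        "internet_via_perimeter": exposed_from(perimeter_rules(listeners), "203.0.113.7", listeners),
        "internet_via_sloppy": exposed_from(sloppy, "203.0.113.7", listeners),
        "web_tier_via_internal": exposed_from(screened_subnet_rules(listeners, WEB_TIER), "10.20.0.15", listeners),
        "other_host_via_internal": exposed_from(screened_subnet_rules(listeners, WEB_TIER), "10.30.0.9", listeners),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {sorted(ports)}")
```

The `sloppy` rule set is the failure mode the second bullet warns about: it blocks 1433 and 1434 yet still exposes the named instance's dynamic port 49812 to the Internet, which is why the listener set is derived from the host rather than typed in from memory.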
Isolation of services
- Isolate services to reduce the risk that a compromised service could be used to compromise others.
- Never install SQL Server on a domain controller. A compromise of the SQL Server service then becomes a compromise of the domain, and the service cannot be run under a low-privileged local account.
- Run separate SQL Server services (Database Engine, Agent, Browser, Integration Services and so on) under separate, low-privileged Windows accounts, so that a compromised service holds only its own rights.
- In a multi-tier environment, run web logic and business logic on separate computers.
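As an added check for the "separate accounts" point (example code, not from the original page): given a service listing in the shape of `Get-CimInstance Win32_Service | Select-Object Name,StartName` exported as CSV, report SQL-related services that share one account and services running as LocalSystem. The service names and accounts below are constructed; per-service virtual accounts of the form `NT Service\<name>` are what SQL Server setup assigns by default and are treated as already separate.

```python
"""Audit the Windows accounts SQL Server services run under. Added example;
the service listing is constructed."""
from collections import defaultdict

# Constructed CSV as `Get-CimInstance Win32_Service | Select-Object Name,StartName |
# ConvertTo-Csv -NoTypeInformation` would produce it (quotes omitted for brevity).
SAMPLE_SERVICES = """\
Name,StartName
MSSQLSERVER,NT Service\\MSSQLSERVER
SQLSERVERAGENT,CORP\\svc_sql
MsDtsServer160,CORP\\svc_sql
MSSQL$REPORTING,LocalSystem
SQLBrowser,NT AUTHORITY\\LOCALSERVICE
Spooler,LocalSystem
"""
# Name prefixes of SQL Server component services (assumption; extend as needed).
SQL_PREFIXES = ("MSSQL", "SQL", "MsDts", "ReportServer", "MSOLAP")
HIGH_PRIV = {"localsystem", "nt authority\\system"}


def sql_service_accounts(csv_text):
    """Map SQL-related service name -> account, skipping unrelated services."""
    rows = [line.split(",", 1) for line in csv_text.splitlines()[1:] if line.strip()]
    return {name: acct for name, acct in rows if name.startswith(SQL_PREFIXES)}


def audit_accounts(services):
    """Return accounts shared by several SQL services and services running with
    LocalSystem rights. 'NT Service\\X' virtual accounts are per-service by
    construction and never count as shared."""
    by_account = defaultdict(list)
    for name, acct in services.items():
        by_account[acct.lower()].append(name)
    shared = {acct: sorted(names) for acct, names in by_account.items()
              if len(names) > 1 and not acct.startswith("nt service\\")}
    high_priv = sorted(n for n, a in services.items() if a.lower() in HIGH_PRIV)
    return {"shared": shared, "high_priv": high_priv}


if __name__ == "__main__":
    print(audit_accounts(sql_service_accounts(SAMPLE_SERVICES)))
```

In the sample, the Agent and Integration Services share `CORP\svc_sql`, so a takeover of either yields the other's rights, and the `REPORTING` named instance runs as LocalSystem, which is far more than a database engine needs.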
- Don’t Get Pwned on Public WiFi: Use Your Own VPN (tinfoilsecurity.com)
- Firewall Egress Filtering: Why And How You Should Control What’s Leaving Your Network (community.rapid7.com)
- Firewall Management Essentials: Optimizing Rules (securosis.com)
- Simple Stateful Firewall (wiki.archlinux.org)
- Install and Configure Advanced Policy Firewall (APF) (pawapv.wordpress.com)