Remove or disable unused drivers from your database.
Periodically check for and remove any new unused drivers, especially after updates or patches.
Configure your database drivers to maximum security.
Configure your database drivers to intelligently log access activity.
Review your network topology and security needs to design a firewall layout best suited for your environment.
Assume worst-case scenarios when designing your firewall layout.
Always provide and use the minimum required access and permissions.
Use firewalls to restrict inappropriate access.
Use IPSec or SSL to restrict who can connect to your database.
Keep your database software up to date.
Disable or remove unused features of your database.
Strengthen weak default passwords and permissions.
Use roles to apply the rule of least privilege to database accounts.
Use Windows Authentication whenever possible.
Keep database connection strings secure.
Set strong passwords for the sa and db_ accounts. Do not use these accounts in your applications.
Code a variety of protections against SQL injection, not just one method.
Escape user input upon insertion into and retrieval from the database.
Use SqlParameters to type and length-check user input.
Process and resolve all errors on the server side.
Enforce the rule of least privilege in the code and in the database account.
Retrieve the minimum required data from the database.
Check result sets for expected attributes.
Use coding structures that emphasize security.
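The SQL injection, SqlParameter, least-data and result-set items above, shown together in one added example that is not part of the original checklist. It assumes SQL Server through System.Data.SqlClient and a hypothetical Users table with Email and DisplayName columns.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // VULNERABLE: the input is spliced into the SQL text, so a quote character in
    // the value changes the query structure instead of only the compared value.
    public static string FindDisplayNameUnsafe(SqlConnection conn, string email)
    {
        var sql = "SELECT DisplayName FROM Users WHERE Email = '" + email + "'";
        using (var cmd = new SqlCommand(sql, conn))
        {
            return cmd.ExecuteScalar() as string;
        }
    }

    // HARDENED: fixed query text, a typed and length-bounded parameter, only the
    // one needed column retrieved, and the result set checked before it is trusted.
    public static string FindDisplayNameSafe(SqlConnection conn, string email)
    {
        const int MaxEmailLength = 254; // assumed application limit

        // Length check in code: SqlClient may truncate an oversized string
        // parameter rather than reject it, so reject it explicitly here.
        if (string.IsNullOrEmpty(email) || email.Length > MaxEmailLength)
            throw new ArgumentException("email missing or too long", nameof(email));

        const string sql = "SELECT DisplayName FROM Users WHERE Email = @Email";
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit SqlDbType and size: the value is sent as data, never as SQL.
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, MaxEmailLength).Value = email;

            using (var reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return null;

                // Verify the result set has the expected shape (one known column).
                if (reader.FieldCount != 1 || reader.GetName(0) != "DisplayName")
                    throw new InvalidOperationException("unexpected result set shape");

                return reader.IsDBNull(0) ? null : reader.GetString(0);
            }
        }
    }
}
```

Run both against a low-privilege database login that has only SELECT on the Users table, so the account itself limits the damage if a query is ever mishandled.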
Lock down your file system with both IIS and NTFS settings.
Do not allow users to influence the name of files created on the server.
Restrict the quantity and/or size of files users can create on the server.