Would it not also be a good idea/practice *not* to ever let a MS SQL server (or *any* database server) sit on a network that is directly accessible from the internet ? Having a firewall(s) in front of your database server regardless of the type is pretty much common sense, right?
Its bad enough to be stuck having to run/support IIS and MSSQL in any scenario, but letting MSSQL talk to the world just seems like asking for even more trouble.
That depends on what you are using the server for - it might be used by various offices around the world, or to interface with other corporations platforms etc. Ideally this would be in a secured VPN or at the very least be limited by IP address, but MS SQL admins are not alone in the pretend everything will be ok from a security standpoint. Neil. -- Neil J. McRae - Alive and Kicking neil@DOMINO.ORG