Follow the principle of least privilege for the accounts used to run and connect to SQL Server to restrict the capabilities of an attacker who manages to execute SQL commands on the database server. Also apply strong password policies to counter the threat of dictionary attacks.
In this step, you:
Secure the SQL Server service account.
Delete or disable unused accounts.
Disable the Windows guest account.
Rename the administrator account.
Enforce strong password policy.
Restrict remote logins.
Disable null sessions (anonymous logons).
Run the SQL Server service using a least privileged account to minimize the damage that can be done by an attacker who manages to execute operating system commands from ...
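The checks in the list above can be audited from the host itself. The following PowerShell script is an added example, not part of the original guide or any Microsoft tooling; it reports the current state of each item as PASS/FAIL/REVIEW without changing anything. It assumes an elevated session on the SQL Server host, and the function name, the 14-character minimum length and the 90-day "unused" threshold are assumptions chosen for illustration, not values prescribed by the guide.

```powershell
# Added audit example (not from the original guide). Run elevated on the
# SQL Server host. Thresholds are assumed values for illustration only.
function Test-SqlHostHardening {
    [CmdletBinding()]
    param(
        [int]$MinPasswordLength = 14,   # assumed policy threshold
        [int]$StaleAccountDays  = 90    # assumed "unused account" threshold
    )
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [string]$Status, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
    }

    # 1. SQL Server service account: flag LocalSystem or an Administrator account.
    $services = Get-CimInstance Win32_Service -Filter "Name LIKE 'MSSQL%' OR Name LIKE 'SQLAgent%'"
    foreach ($s in $services) {
        $acct = [string]$s.StartName
        $privileged = ($acct -eq 'LocalSystem') -or ($acct -match '\\(SYSTEM|Administrator)$')
        Add-Finding "Service account: $($s.Name)" $(if ($privileged) { 'FAIL' } else { 'PASS' }) "runs as '$acct'"
    }

    # 2. Unused local accounts: enabled but never logged on or idle past the threshold.
    $cutoff = (Get-Date).AddDays(-$StaleAccountDays)
    $stale = Get-LocalUser | Where-Object { $_.Enabled -and (-not $_.LastLogon -or $_.LastLogon -lt $cutoff) }
    Add-Finding "Unused local accounts (> $StaleAccountDays days)" $(if ($stale) { 'REVIEW' } else { 'PASS' }) ($stale.Name -join ', ')

    # 3. Guest account: the well-known RID 501, whatever it has been renamed to.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
    Add-Finding 'Guest account disabled' $(if ($guest -and $guest.Enabled) { 'FAIL' } else { 'PASS' }) "name='$($guest.Name)' enabled=$($guest.Enabled)"

    # 4. Built-in administrator (RID 500) renamed away from the default.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
    Add-Finding 'Administrator renamed' $(if ($admin.Name -eq 'Administrator') { 'FAIL' } else { 'PASS' }) "built-in admin is '$($admin.Name)'"

    # 5./6. Password policy and the "Access this computer from the network" right,
    # both read from a temporary secedit export of the local security policy.
    $cfg = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $cfg | Out-Null
    $pol = @{}
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\s*(\w+)\s*=\s*(.*)$') { $pol[$matches[1]] = $matches[2].Trim() }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue

    $len     = [int]$pol['MinimumPasswordLength']
    $complex = $pol['PasswordComplexity'] -eq '1'
    $lockout = [int]$pol['LockoutBadCount']            # 0 means no lockout
    $strong  = ($len -ge $MinPasswordLength) -and $complex -and ($lockout -gt 0)
    Add-Finding 'Strong password policy' $(if ($strong) { 'PASS' } else { 'FAIL' }) "minlen=$len complexity=$complex lockout=$lockout"

    # S-1-1-0 is the Everyone group; its presence means anyone can log on over the network.
    $netLogon = [string]$pol['SeNetworkLogonRight']
    Add-Finding 'Remote (network) logon restricted' $(if ($netLogon -match 'S-1-1-0') { 'FAIL' } else { 'PASS' }) "SeNetworkLogonRight = $netLogon"

    # 7. Null sessions: RestrictAnonymous >= 1 and anonymous not treated as Everyone.
    $lsa      = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $restrict = [int]$lsa.RestrictAnonymous
    $everyone = [int]$lsa.EveryoneIncludesAnonymous
    Add-Finding 'Null sessions disabled' $(if ($restrict -ge 1 -and $everyone -eq 0) { 'PASS' } else { 'FAIL' }) "RestrictAnonymous=$restrict EveryoneIncludesAnonymous=$everyone"

    return $findings
}

# Usage: print one row per check.
Test-SqlHostHardening | Format-Table -AutoSize
```

On a domain-joined host the secedit export reflects the local policy; the password and lockout values that actually apply may come from the domain, so treat that row as a local-policy check only. The script identifies the Guest and Administrator accounts by their well-known RIDs rather than by name, so it still reports correctly after the accounts have been renamed.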