1) Delete Or Disable The Guest User
2) Disable Remote Access
3) Change Port 1433 to 2866
4) Enable SSL On Connection (Force Encryption) On Configuration Manager
5) Clear All IP ports On Configuration Manager
6) Add Port 2866 To All Port On Configuration Manager
7) Enable Both Failed And Success Logins
8) Enable Common Criteria Compliance
9) Change sa LOGIN Name (USE Master; ALTER LOGIN [sa] WITH NAME = [FSSA])
10) Disable Dangerous Objects
11) Disable SP_Configure Advanced Option
12) Delete Or Disable sa LOGIN Account

-- Check which TCP port(s) the current connections are using
USE master
GO
SELECT DISTINCT
local_tcp_port
FROM sys.dm_exec_connections
WHERE local_tcp_port IS NOT NULL
GO

-- Check the ports SQL Server is listening on
USE master
GO
SELECT * FROM sys.dm_tcp_listener_states
GO
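
-- Disable dangerous objects (checklist items 10 and 11).
-- xp_cmdshell and Database Mail XPs are advanced options, so
-- 'show advanced options' must be 1 while they are changed.
EXEC sp_configure 'show advanced options', 1
RECONFIGURE
GO
EXEC sp_configure 'xp_cmdshell', 0
RECONFIGURE
GO
-- sp_send_dbmail is not an sp_configure option; 'Database Mail XPs' controls it.
EXEC sp_configure 'Database Mail XPs', 0
RECONFIGURE
GO
-- Hide the advanced options again (item 11).
EXEC sp_configure 'show advanced options', 0
RECONFIGURE
GO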

-- Remove PUBLIC's EXECUTE permission on extended procedures (they live in master)
USE master
GO
REVOKE EXECUTE ON xp_dirtree FROM PUBLIC
REVOKE EXECUTE ON xp_availablemedia FROM PUBLIC
REVOKE EXECUTE ON xp_enumgroups FROM PUBLIC
REVOKE EXECUTE ON xp_fixeddrives FROM PUBLIC
REVOKE EXECUTE ON xp_servicecontrol FROM PUBLIC
REVOKE EXECUTE ON xp_subdirs FROM PUBLIC
REVOKE EXECUTE ON xp_regaddmultistring FROM PUBLIC
REVOKE EXECUTE ON xp_regdeletekey FROM PUBLIC
REVOKE EXECUTE ON xp_regdeletevalue FROM PUBLIC
REVOKE EXECUTE ON xp_regenumvalues FROM PUBLIC
REVOKE EXECUTE ON xp_regremovemultistring FROM PUBLIC
REVOKE EXECUTE ON xp_regwrite FROM PUBLIC
REVOKE EXECUTE ON xp_regread FROM PUBLIC
GO
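
A read-only check that the checklist settings are actually in effect, added here as an example and not part of the original page. It assumes SQL Server 2012 or later and a sysadmin login; the mapping of each query to a checklist item is this example's own reading of the list.

```sql
-- Added example: read-only audit of the checklist settings. Changes nothing.
USE master;
GO

-- Items 2, 8, 10, 11: configured value vs. value in effect. A difference
-- means a RECONFIGURE or restart is still pending (common criteria needs a restart).
SELECT name, value, value_in_use,
       CASE name WHEN N'common criteria compliance enabled' THEN 1 ELSE 0 END AS checklist_target
FROM sys.configurations
WHERE name IN (N'remote access', N'common criteria compliance enabled',
               N'xp_cmdshell', N'Database Mail XPs', N'show advanced options');

-- Items 9 and 12: the built-in sa login keeps SID 0x01 after a rename,
-- so this shows its current name and whether it is disabled.
SELECT name, is_disabled FROM sys.server_principals WHERE sid = 0x01;

-- Item 7: login audit level; 'all' means both failed and successful logins.
EXEC xp_loginconfig 'audit level';

-- Items 3 and 4: port and encryption state of the TCP sessions connected right now.
-- Any row with encrypt_option = 'FALSE' is a client that was not forced onto SSL.
SELECT local_tcp_port, encrypt_option, COUNT(*) AS connections
FROM sys.dm_exec_connections
WHERE net_transport = N'TCP'
GROUP BY local_tcp_port, encrypt_option;

-- Items 5 and 6: ports the instance is listening on (expect 2866, not 1433).
SELECT port, type_desc, state_desc FROM sys.dm_tcp_listener_states;

-- Item 10: extended procedures from the REVOKE list that PUBLIC can still execute.
-- An empty result means every REVOKE took effect.
SELECT o.name AS procedure_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.all_objects AS o ON o.object_id = p.major_id
WHERE p.class = 1
  AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'public')
  AND p.permission_name = N'EXECUTE'
  AND p.state IN ('G', 'W')
  AND o.name IN (
      N'xp_dirtree', N'xp_availablemedia', N'xp_enumgroups', N'xp_fixeddrives',
      N'xp_servicecontrol', N'xp_subdirs', N'xp_regaddmultistring',
      N'xp_regdeletekey', N'xp_regdeletevalue', N'xp_regenumvalues',
      N'xp_regremovemultistring', N'xp_regwrite', N'xp_regread'
  );
```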