In my eager attempt yesterday to post my findings on SQL Server 2008 great new security features (read more here) I neglected to provide some valuable security information I have accumulated over the last couple of years for the other editions of SQL Server.  

Here is my list of resources I turn to when working on securing SQL Server for a customer:

• SQL Server 2005 Books Online -
  http://msdn.microsoft.com/en-us/library/ms161948.aspx
• SQL Server 2005 Security Best Practices -
  http://www.microsoft.com/technet/prodtechnol/sql/2005/sql2005secbestpract.mspx
• DISA STIG Checklist -
  http://iase.disa.mil/stigs/checklist/db_srr_chklist_sqlserver2005_v8r1-1_20071107.zip
• NSA - SNAC Secure Configuration and Administration of SQL Server 2000 -
  http://www.nsa.gov/snac/downloads_msql.cfm?MenuID=scg10.3.1.2
• NIST - Security Configuration Checklist - Benchmark for SQL Server 2005 -
  http://csrc.nist.gov/checklists/repository/1114.html
• SQL Security.com -
  http://www.sqlsecurity.com

Finally to check my work, I've always turned to the Best practice analyzers

• SQL Server 2005 Best Practices Analyzer -
  http://www.microsoft.com/downloads/details.aspx?FamilyId=DA0531E4-E94C-4991-82FA-F0E3FBD05E63&displaylang=en
• SQL Server 2000 Best Practices Analyzer -
  http://www.microsoft.com/downloads/details.aspx?FamilyID=b352eb1f-d3ca-44ee-893e-9e07339c1f22&displaylang=en