Nice article,

Here is a site dedicated to sql security: http://www.sqlsecurity.com

You'll definately want to run a tool to scan for easily guessed passwords too.

I found a few on my servers.

I've removed the extended stored procedures that they recomend without any major functionality being removed from EM. EM is mostly useless anyways. If you can't live without it you probably should learn a bit more about MSSQL before becoming a DBA.

Also check out SQLPing if you want to scan your subnet for insecure servers.

Thanks,

Dan