While working on the new edition of our book for after RTM, I've been looking around for security features that I missed or that didn't exist when we wrote it (May 2004 and before). Here's one:
In SQL Server 2005, you can DISABLE a LOGIN by using ALTER LOGIN. You can also change the name of any LOGIN (including 'sa'), making things more like Windows security. You would change the name of the sa account to give hackers one more item to guess. Here's how.
ALTER LOGIN sa WITH NAME = fred
– fred (sa) on vacation
ALTER LOGIN fred DISABLE
– When the sa returns from vacation
ALTER LOGIN fred ENABLE