>Are those event records failed logins? I've seen that many times when people are working to guess the sa password. Your sa account will get locked out because of the failed attempts, by the way.
>
>First thing to do if possible is make sure TCP port 1433 is not allowed in through the corporate firewall. If your DMZ or otherwise external web server or outside client has to connect to the SQL server, make rules on the firewall or router to only allow 1433 in to the SQL server from specific IP addresses.
Should I also do something from the SQL Server side through Configuration Manager?
Thanks in advance.
If it's not broken, fix it until it is.
My Blog