I have two separate issues for locking down SQL Server. First, is it possible to make SQL Server only "talk" to the computer that it's installed on? I have a small setup where the SQL Server is on the same box as my IIS. Since it's an intranet application the only access to that SQL Server is from the IIS. Is it possible to have SQL Server not respond to any requests from any other computer on the network, but still respond to requests made from that box?
Second, my application is scalable, so it will be used to handle thousands of requests in the near future. If my client institutes a server farm for IIS, then the SQL Server would probably reside on another box. In that case I would only want SQL Server to respond to requests from the computers running IIS. They could probably have static IP's if that would help.