Above and beyond basic windows hardening, complex passwords, admin shares, strict ACL only granting access the admins, account lockout, prompt patching, disabling unnecessary services, physically securing the server, what else for general piece of mind is recommended for real high security servers in a windows domain (2003 functional).
Is there anything above and beyond that which will add a further layer of protection piece of mind that it is protected from malicious insiders? This server houses highly sensitive data, and runs MS-SQL Server, essentially acts as a data repository. As it stands I can ping every server in the domain, I can see them all in Explorer, but can’t see any accessible shares. I wondered if there’s anything that can be done to ultimately restrict access to that server above and beyond windows hardening, and if its worthwhile or overkill? If not overkill what could technically still be exploited if all best practice windows hardening is in place, is this were zero day vulnerabilities come into play, or something else?