You don't give a lot of info, and your question is very broad. What db, what OS, server, etc?
If you are running on a W2K server, I can help a little. You set up users, and you can set user properties to allow or deny remote access, or control access through remote access policies. This would be the first step.
You can also provide better security for users who work from home by implementing caller ID verification or enforcing callback security.
To use Caller ID, check the Verify Caller ID box and specify a phone number from which the user must dial in. Of course, if they call from the road frequently, this would not work.
To use Call Back, check the Always Callback to option button and enter the phone number from which the remote user will connect. The server will hang up and call the user back at that number. This is more secure than just Caller ID, but again, if they call from the road then this will not work.
However, this is the most secure because even if the users use an easily guessed p/w, a thief will not be able to log in.
However, before I go even further, I need more info from you as to your actual setup.
When in doubt, deny all terms and defnitions.