Process of securing a computer system by reducing its attack surface, which indicates the risk of damaging it. A system's attack surface, or surface of vulnerability, is the set of points in which an unauthorized user can attempt to enter or extract data from the system. One of the security measures consists of reducing the attack surface as much as possible.

The more functions a system performs, the larger the attack surface is; in principle a single-function system is more secure than a multipurpose one.

Measures that help to reduce thr risk of attack include changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.