The
attack surface is the total set of entry points an attacker can use — open ports, services, user accounts, APIs, physical access points, and human targets.
Reducing attack surface is a fundamental security principle. Every unnecessary service, port, or account is potential attack surface. Hardening reduces attack surface. Defense in depth protects what remains.