Which term describes the process of reducing a device's attack surface by disabling unused features, services, or ports?

Reducing a device's attack surface by turning off unused features, services, or ports is called device hardening. The idea behind hardening is that every active service or open port can be a potential entry point for an attacker, so removing unnecessary capabilities lowers the number of ways a system could be compromised. Practical steps include disabling services and protocols that aren’t needed, closing unused network ports, removing unused apps, applying secure configuration baselines, and enforcing least-privilege access. This is an ongoing practice tied to keeping an accurate asset inventory, applying patches, and maintaining secure defaults. For context, End of Support means a vendor no longer provides updates for a product, which doesn’t describe actively reducing exposure. Containerization isolates applications but doesn’t inherently reduce the device’s attack surface—instead, it changes how software runs. An eFuse is a hardware fuse used to store permanent security states, not a method for reducing attack surface through configuration.