What is an Attack Surface?

by Paul Davies

Attack Surface

An attack surface is the sum of all potential entry points through which an unauthorised user can attempt to gain access to a system.

It includes hardware, software, and network vulnerabilities, as well as human factors like weak passwords or untrained personnel. Reducing the attack surface is a key security practice, as a smaller attack surface means there are fewer ways for a malicious actor to infiltrate the system.

Common strategies for minimising the attack surface include network segmentation, removing unnecessary services, and tightening access controls.