LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What does "minimize attack surface" mean and how do you achieve it?

Cut down every point an attacker can touch — disable unused features/ports/accounts and reduce code — because each one is a potential way in.

Reduce the total number of points where an attacker could interact with your system.

How to minimize:

  • Remove unnecessary features — Disable admin panels, remove sample apps
  • Close unused ports — Only expose 80/443 if that's all you need
  • Reduce code — Less code = fewer bugs. Delete dead code, minimize dependencies
  • Limit network exposure — Internal services shouldn't be internet-accessible
  • Restrict input points — Fewer forms, fewer API endpoints = fewer attack vectors
  • Remove default accounts — Delete or disable vendor defaults
  • Minimize permissions — Services should only access resources they need

Example: A default Tomcat installation exposes manager apps, example servlets, and status pages. Each is an attack vector. Removing them immediately reduces what attackers can target.

Go deeper:

From Quiz: SPRG / Secure Architecture & Design | Updated: Jul 05, 2026