What does 'system hardening' specifically target in a computer system?

System hardening specifically targets the removal of nonessential programs and services to reduce potential vulnerabilities within a computer system. By eliminating unnecessary software and services, the attack surface is minimized, meaning there are fewer entry points that malicious actors could exploit. This process also helps in ensuring that only the essential functions are operational, which not only enhances security but also improves system performance and stability.

For instance, if a system is running multiple applications or services that are not needed for its primary function, any one of those could potentially contain vulnerabilities that attackers might exploit. Thus, by focusing on removing these nonessential elements, organizations can significantly strengthen their overall security posture.

In contrast, increasing software applications, enhancing direct user access, or simply adding firewalls and antivirus software may not directly contribute to reducing vulnerabilities as effectively as removing unnecessary components does. These approaches might enhance certain functionalities or protections, but they do not specifically focus on fortifying the system by limiting exposure to threats.