Attack Surface

The attack surface is, in NIST's words, "the set of points on the boundary of a system, a system component, or an environment where an attacker can try to enter, cause an effect on, or extract data from" that system. Every open port, exposed service, browser extension, USB connection, wireless radio, account, and dependency you run adds to it. The larger the surface, the more ways something can go wrong, so shrinking it is one of the highest-leverage moves in personal security.

What expands your surface

For a sovereign Bitcoiner the surface includes obvious things like a hot wallet on an internet-connected phone, and less obvious ones: a router with default credentials, a mining rig's web dashboard exposed to the LAN, cloud-synced clipboard history that could leak an address, or a seed backup stored anywhere a remote attacker can reach. Each integration you add for convenience typically widens the surface.

Reducing the surface

Attack surface reduction means eliminating unnecessary functionality, services, permissions, and entry points so an attacker simply has fewer options. Practical steps include keeping signing keys on a dedicated offline device, disabling unused radios and services, removing browser extensions you do not need, segmenting the network your miners sit on, and treating every new app or device as something that must justify the surface it adds. The goal is not zero surface, which is impossible if the system is useful, but the smallest surface consistent with what you actually need to do.

A small surface is the physical complement of a good threat modeling exercise and underpins the "never trust, always verify" stance of zero trust architecture.