attack surface

The amount of interface code exposed to external systems which an attacker
could use to gain unauthorized access or to inject exploits into the
system. Keeping the attack surface of a server to a minimum is typically
desirable, and that means removing any unused programs and disabling unused
ports or communications protocols.