What is system hardening and what are common hardening practices?

System hardening is the process of reducing the attack surface by eliminating unnecessary functions, services, and access points. Common practices include removing or disabling unnecessary services and ports, changing default passwords and accounts, applying the latest security patches, configuring firewalls to allow only required traffic, enabling audit logging, implementing file system permissions based on least privilege, disabling unnecessary protocols, removing sample files and documentation, and applying security baselines from sources like CIS Benchmarks or DISA STIGs.