The process of making services less susceptible to attack from malicious software by running least privilege, minimizing resource access, locking down ports and protocols, and generally reduce the damage potential and number of critical vulnerabilities in services.