Why OS hardening reduces attack surface in Cybersecurity - Performance Analysis

We want to understand how the effort to secure an operating system grows as the system size or features increase.

Specifically, how does hardening affect the number of potential attack points?

Analyze the time complexity of this simplified OS hardening process.

for service in running_services:
    if service is unnecessary:
        disable(service)
    else:
        configure_secure(service)

for user in system_users:
    enforce_strong_password(user)
    limit_permissions(user)

apply_security_patches()
    

This code disables unneeded services, secures needed ones, strengthens user accounts, and applies patches.

Look at what repeats as the system grows.

• Primary operation: Looping through services and users to apply security steps.
• How many times: Once per service and once per user, each step runs once per item.

As the number of services and users increases, the work to harden grows proportionally.

Input Size (n)	Approx. Operations
10 services/users	About 20 operations (10 for services + 10 for users)
100 services/users	About 200 operations
1000 services/users	About 2000 operations

Pattern observation: The effort grows steadily as more services and users exist, roughly doubling if the number doubles.

Time Complexity: O(n)

This means the time to harden the OS grows in a straight line with the number of services and users.

[X] Wrong: "Hardening takes the same time no matter how many services or users there are."

[OK] Correct: Each service and user needs individual attention, so more items mean more work.

Understanding how security tasks scale helps you explain your approach to system protection clearly and confidently.

What if we automated the hardening steps for each service and user? How would that change the time complexity?