The inclusion of Internet of Things (IoT) for building smart cities, smart health, smart grids, and other smart concepts has driven data-driven decision making by managers and automation in each domain. However, the hyper-connectivity generated by IoT networks coupled with limited default security in IoT devices increases security risks that can jeopardize the operations of cities, hospitals, and organizations. Strengthening the security aspects of IoT devices prior to their use in different systems can contribute to minimize the attack surface. This study aimed to model a sequence of seven steps to minimize the attack surface by executing hardening processes. Conducted a systematic literature review using Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) techniques. In this way, we were able to define a proposed methodology to evaluate the security level of an IoT solution by means of a checklist that considers the security aspects in the three layers of the IoT architecture. A risk matrix adapted to IoT is established to evaluate the attack surface. Finally, a process of hardening and vulnerability analysis is proposed to reduce the attack surface and improve the security level of the IoT solution.