Cyber Doc logo Cyber Doc
Cybersecurity Term

What is port scanning?

Checking which network services are reachable so exposure can be understood or targeted.

Network Security Last reviewed: 2026-05-20

← Back to Learn Centre

What is port scanning?

Port scanning is the process of checking which network services are reachable on a device or server.

Simple example

A scan finds that a remote desktop service is exposed to the internet.

Why it matters

Port scanning is not always malicious, but attackers use it to find exposed services and potential entry points.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Know which services are exposed to the internet.
  • Close or restrict unnecessary ports.
  • Use firewalls and VPNs for administrative access.
  • Monitor for repeated scanning against important systems.
  • Keep exposed services patched.

Reactive steps

  • Review firewall and server logs.
  • Confirm whether exposed services are intentional.
  • Block or restrict risky access if needed.
  • Patch exposed systems.
  • Investigate further if scanning is followed by login attempts or exploitation.

Related terms

  • Attack surface
  • Firewall
  • Vulnerability assessment