Home / Security / Run a full external port scan and close unnecessary open ports
Legal & Business · Security Ring

Run a full external port scan and close unnecessary open ports

45-60 min Impact: high Effort: medium ✓ Manual completion

A full external port scan checks which network ports your server exposes to the internet, and closing anything unnecessary directly reduces your actual attack surface, since every open port is a potential entry point regardless of whether you are actively using it.

A web server genuinely only needs a small number of ports open, 80, 443, and restricted 22, every other open port is unnecessary exposure that provides no benefit and real risk.

How to do it

  1. 1
    Run an external port scan against your server
    Tools like Shodan or nmap show exactly what is visible from outside your network.
  2. 2
    Identify what should genuinely be open
    Typically just 80 and 443 for web traffic, and 22 for SSH, ideally restricted by IP.
  3. 3
    Close everything else through your firewall
    Whatever is not genuinely required for your server to function.
  4. 4
    Re-scan to confirm
    Verify only the intended ports remain open.

Common mistakes

How you will know it is done

An external port scan shows only genuinely necessary ports open.

Tools that help

Track this in your hive

The Security Ring turns this into a real, permanent mission — mark it complete once you have genuinely done it.

Open this mission in H.I.V.E. →