The act of port scanning is impossible to avoid; anyone can choose an IP address and scan it for open ports. To fully defend a corporate network, security teams should do their own scan to see what attackers might uncover during a port scan of their network.
The use of a decent firewall is the best defence against port scanning. Although most good routers come with a firewall, I recommend using a software firewall on any device that connects to the internet. A firewall will not respond to a random scan from the internet since it will prevent anonymous requests.
Typically, port scans generate a large number of requests to various ports or IP addresses in a short period of time. Simple procedures like measuring the number of requested ports for each Source IP Address can quickly detect such port scans.
Hackers transmit a message to each port one at a time during a port scan. The response they get from each port establishes whether or not it's being used, as well as revealing any potential flaws. Security professionals can do port scanning on a regular basis to gather network information and identify any security flaws.
Prevent: Use a firewall to block access to ports and services that should not be accessible to the general public. Access should be limited to known IP addresses. Move critical data and servers behind the network perimeter and use a VPN or other access control to manage access.
Cyber Forensics Masterclass with Hands on learning