You cannot secure what you cannot see. This network assessment used Nmap to build an accurate picture of a server's real exposure — scanning for open ports, fingerprinting the services behind them, and identifying the underlying operating system.
The approach: a staged scan (host discovery, port sweep, service and version detection) to separate the intended, public-facing services from the ports that had quietly been left open. Each finding was reviewed for risk — an exposed database port or a stale service is exactly the kind of thing an attacker probes for first.
The outcome was a clear inventory of the attack surface and a shortlist of ports to close or firewall, turning guesswork into a concrete hardening plan. This reconnaissance is the foundation step in any infrastructure security review I run.