Speaking as a slightly paranoid home user.
Every time I add a new device to my network, I do an nmap port scan on it. Something like:
sudo nmap -A -T4 ipaddress
If access to those ports is needed, I'll do some poking on them, depending on what they are, and probably some research to determine if they have had any security issues, and do a risk analysis.
Work follows a completely different model. Everything is blocked, there are various levels of approvals needed to open any ports. External access directly to internal systems without proxies/frontends/webheads is almost never granted. Periodic reviews, pen testing and renewals for exceptions are mandatory.