Hi, Security Experts:
I have a question regarding server security.
How much value is there in restricting user access to only the TCP/UDP ports they need to communicate on and blocking access to any other open ports?
The intuitive thing is to think that blocking the unused ports is a good general practice - best practice. But does that really prevent or even mitigate a hacker (user) from launching a DoS attack on the server on the TCP port that is supposed to be open?
In other words, whether 20 ports are open or only one, does it really make a qualitative difference? What stops the hacker from launching, say, a TCP SYN attack on the open TCP port?
In short, is there really much gained in blocking those other ports.
I am looking for more than just a "general rule of thumb" answer becaue I know what that rule is already. I would like a more in-depth answer that specifically addresses the ability to disbale a server even if only one port is open.