As a network administrator, the first thing you must do is secure the MikroTik router under your custody by making sure that all incoming and existing loopholes into your network are properly closed. By doing this, you close the gaps that irresponsible users might otherwise use as attack loopholes.
MikroTik routers can be mounted outdoors or used indoors, depending on the model of the router. When routers are installed as outdoor units, they are exposed to many threats, such as weather and human attacks.
Sometimes the attack can come from an inside source, since an insider already has access to the network.
As a network admin, it is very important to know the appropriate steps and measures to take in order to secure your network from unauthorized persons. This tutorial walks through some steps to secure your network.
Below I have outlined some basic steps in securing your MikroTik router.
Deactivate Neighbors Discovery.
Deactivate the RoMON feature.
Update the RouterOS version
Change the default admin password and username.
Deactivate some services: TFTP, FTP, HTTPS.
Deactivate Bandwidth Test Server.
Deactivate the MAC Server feature.
Most routers in service share one common username, and in most cases attackers use software that reveals router passwords, so you may well become a victim. The first thing you can do to secure the MikroTik router, before it is discoverable from the internet, is to change the default admin username and password. You should also replace the default username “admin” with another username.
Also add an account for each administrator, so that each of your admin users has their own account to access your router.
By default, the router runs several unencrypted protocols (Telnet, FTP, HTTP, SOCKS) and services that are not needed. These can be targeted by brute-force attacks once your router is exposed to the internet.
If your network does not use one of these basic services, it is better to deactivate it.
Telnet, FTP, HTTP, SSH and SOCKS are active by default.
One simple method I use for disabling these services is adding a number to the port number of the service to make it useless.
Disable Bandwidth Test Server
This feature tests connections by generating and receiving bandwidth test traffic on the router. It can exhaust the network bandwidth and spike the CPU load of your RouterBOARD.
Deactivate the MAC Server feature
It is good to disable the MAC Telnet and MAC Winbox servers. They give the network admin access to the router without an IP address and are active by default on all interfaces, including the WAN/internet interface. Users in your local network can connect to the router using the MAC service, and access via the MAC address must be limited to your internal and external networks.
This service should be active only on interfaces that are used as “management interfaces”.
Disable Neighbors Discovery
Neighbor Discovery is a MikroTik protocol that lets MikroTik devices discover each other on the same layer network. For example, the “Neighbors” list in Winbox shows router information such as the router identity, MAC address, IP address and ROS version. It is a good idea to deactivate Neighbor Discovery on any interface that is connected to public users (WAN, hotspot clients, internet cafe clients).
Disable the RoMON feature
You can also disable the RoMON feature if you don’t use it for “device management”, to reduce the attack surface.
Update the RouterOS version
By updating your RouterOS version, you get fixes for bugs and security holes present in the previous version.
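The steps above, collected into one RouterOS terminal session as an added example (not the author's own configuration). It disables unused services outright instead of renumbering their ports, and it assumes RouterOS 6.41 or later, an interface list named LAN that holds the management interfaces, the management subnet 192.168.88.0/24, SSH and Winbox as the only services still needed, and the placeholder account name netadmin1.

```routeros
# Added example. Assumed values (not from the article): interface list LAN,
# subnet 192.168.88.0/24, user "netadmin1", placeholder password.

# 1. Create a personal full-access account, then retire the default "admin".
/user add name=netadmin1 group=full password="CHANGE-ME-long-random-passphrase"
# Log in as netadmin1 and confirm it works before running the next line.
/user disable admin

# 2. Turn off services that are not used; restrict the ones that stay
#    to the management subnet.
/ip service disable telnet,ftp,www,api,api-ssl
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24
/ip socks set enabled=no

# 3. Bandwidth test server off.
/tool bandwidth-server set enabled=no

# 4. MAC Telnet and MAC Winbox only on management interfaces; MAC ping off.
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
/tool mac-server ping set enabled=no

# 5. Neighbor discovery only on management interfaces, never on WAN
#    or client-facing ports.
/ip neighbor discovery-settings set discover-interface-list=LAN

# 6. RoMON off when it is not used for device management.
/tool romon set enabled=no

# 7. Check for a newer RouterOS release and install it (the router reboots).
/system package update check-for-updates
/system package update install

# Verify the result after the reboot.
/user print
/ip service print
/tool mac-server print
/tool mac-server mac-winbox print
/ip neighbor discovery-settings print
```

Run it from a session on a management interface, so that restricting the services and the MAC server does not cut off your own access.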
These are the initial methods of protecting your MikroTik router. You can further configure the firewall to protect your network with an “Intrusion Detection + Prevention System” for MikroTik RouterOS, which I cover in my next article.