09163195258 33384456 - 061
aziz.0114@hotmail.com

5Basic Tip to Secure your MikroTik router

5Basic Tip to Secure your MikroTik router
Mikrotik Security
۲۸ تیر ۱۳۹۶

Secure your MikroTik router

۵Basic Tip to Secure your MikroTik router

Securing your router is the primary importance thing you should do in order to secure your network from the hands of hacker.

If you have configure everything done completely for your network, and someone from outside access your router and do factory reset, you maybe want to die :’(

Don’t worry ! In this tutorial I give you 5 tip to secure your MikroTik router.

#۱. Change default username/password

By default MikroTik username is admin and password is blank, so other people can scan your network and access to your router easily. It’s recommend to change your default username and password. If you allow someone access to your router, you should assign permission to them via the group policy or permit them able to access from specific IP only.

Go to system > users

mikrotik security

#۲. Change default port of a service

If you hear about the port 22, you will know it’s port of SSH service. Don’t use default SSH port. The hacker may try to access to your router through this port. You can fix this problem by change the default port and disable service you don’t need or enable service for some trusted IP only.

Go to IP > service
mikrotik security

 

#۳ Set firewall rule

You can protect your router, by setting the firewall rule to permit only specific IP can access to your router. Also note in this case if you have other service to run like NTP, GRE tunnel or some routing protocol like BGP,ospf, you need to add rule to permit on your firewall rule.
Goto IP > Firewall > Filter

mikrotik security

#۴ Disable neighbour discovery

Firewall effect only to layer 3 and up. So it’s mean firewall rule will not effect to user who try to access to your router through Layer 2.  That’s why in the router we should enable MikroTik Neighbour Discovery Protocol(MNDP) only to trusted interface.

Goto IP > Neighbor
mikrotik security

#۵ Logging and NTP
After configure everything done, you should keep monitor router log to make sure nobody can get into your router. Timer is so importance to make your log meaningful and easy to troubleshooting when something go wrong. So you should configure NTP client to auto synchronize timer with NTP server.

ارسال پاسخ