-
Notifications
You must be signed in to change notification settings - Fork 119
/
Securing Your MikroTik Router.txt
67 lines (52 loc) · 1.92 KB
/
Securing Your MikroTik Router.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
- Access to a router
Change default username admin to different name, custom name helps to protect access to your rotuer, if anybody got direct access to your router.
/user add name=**myname** password=**mypassword** group=full
/user remove admin
Change password
/password
- Access by IP address
Besides the fact that default firewall protects your router from unauthorized access from outer networks, it is possible to restrict username access for the specific IP address
/user set 0 allowed-address=x.x.x.x/yy
x.x.x.x/yy - your IP or network subnet that is allowed to access your router.
- Disable services on RouterOS
/ip service disable telnet,ftp,www,www-ssl,api,api-ssl
/ip service print
- Changing the Default SSH Port
/ip service set ssh port=2200
/ip service print
- Restrict access by IP Address
/ip service set winbox address=192.168.50.0/24
/ip service set ssh address=192.168.50.0/24
- RouterOS MAC-access
MAC-Telnet
Disable mac-telnet services,
/tool mac-server set allowed-interface-list=none
/tool mac-server print
MAC-Winbox
Disable mac-winbox services,
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server mac-winbox print
MAC-Ping
Disable mac-ping service,
/tool mac-server ping set enabled=no
/tool mac-server ping print
- Bandwidth Test
/tool bandwidth-server set enabled=no
- DNS cache
/ip dns set allow-remote-requests=no
- Other clients services
Disable MikroTik caching proxy,
/ip proxy set enabled=no
Disable MikroTik socks proxy,
/ip socks set enabled=no
Disable MikroTik UPNP service,
/ip upnp set enabled=no
Disable MikroTik dynamic name service or ip cloud,
/ip cloud set ddns-enabled=no update-time=no
- More Secure SSH access
/ip ssh set strong-crypto=yes
/ip ssh print
/ip ssh regenerate-host-key
This will regenerate current SSH host keys, yes? [y/N]: y
/system reboot
Reboot, yes? [y/N]: y