In this article i will show you how to Secure MikroTik RouterOS.
Creating New Username
Its a best practice to Remove default Username “admin” and create a new Username.
✦ Click on System -> Users -> Click on Add Button -> Enter Name (Like support) -> Group Select full from Drop Down Menu -> Password -> Confirm Password and Click on Apply & OK.
Remove Default Username “admin”
✦ Click on System -> Users -> Select Default Username admin -> Click on Remove Button.
Upgrading Firmware to the Latest Version
✦ MikroTik always recommend to Upgrade the Firmware to Latest Version and keep your device up to date. you can Follow my previous Blog “Upgrading MikroTik RouterOS Firmware using Winbox” to Upgrade the Firmware to Latest Version.
Changing Services Port No
✦ Click on IP -> Services -> Double Click the Service -> Change the Port No and Click on Apply & OK.
api – 8728
api-ssl – 8729
ftp – 4021
ssh – 4022
telnet – 4023
winbox – 4091
www – 4080
www-ssl – 40443
Disabling Services which are not in Use
✦ Click on IP -> Services -> Select services which are not in Use from the list (like api, api-ssl, ftp, ssh, telnet, www, www-ssl) and Click on Disable Button.
Disable mac-telnet services
✦ Click on Tools -> MAC Server -> Click on MAC Telnet Server -> Allowed Internet List change to none from Drop down Menu and Click on Apply & OK.
Disable mac-winbox services
✦ Click on Tools -> MAC Server -> Click on MAC WinBox Server -> Allowed Internet List change to none from Drop down Menu and Click on Apply & OK.
Disable mac-ping service
✦ Click on Tools -> MAC Server -> Click on MAC Ping Server -> Untick MAC Ping Server Enabled and Click on Apply & OK.
Disable Neighbor Discovery
✦ Click on IP -> Neighbors -> Click on Discovery Setting -> Interface change to none and Click on Apply & OK.
Disable Bandwidth Server
✦ Click on Tools -> BTest Server -> Untick Enabled and Click on Apply & OK.
Disable DNS cache
✦ Click on IP -> DNS -> Untick Allow Remote Requests and Click on Apply & OK.
Disable Proxy
✦ Click on IP -> Web Proxy -> Untick Enabled and Click on Apply & OK.
Disable socks proxy
✦ Click on IP -> Socks -> Untick Enabled and Click on Apply & OK.
Disable UPNP service
✦ Click on IP -> UPnP -> Untick Enabled and Click on Apply & OK.
Disable ip cloud
✦ Click on IP -> Cloud -> Untick DDNS Enabled -> Untick Update Time and Click on Apply & OK.
Disable Ethernet/SFP interfaces
✦ Click on Interface -> Select Interface which is not in Use -> Click on Disable Button.
Disable LCD
✦ Click on LCD -> Untick Enabled and Click on Apply & OK.