Securing MikroTik RouterOS

In this article i will show you how to Secure MikroTik RouterOS.

Creating New Username

Its a best practice to Remove default Username “admin” and create a new Username.
✦ Click on System -> Users -> Click on Add Button -> Enter Name (Like support) -> Group Select full from Drop Down Menu -> Password -> Confirm Password and Click on Apply & OK.

Remove Default Username “admin”
✦ Click on System -> Users -> Select Default Username admin -> Click on Remove Button.

Upgrading Firmware to the Latest Version
✦ MikroTik always recommend to Upgrade the Firmware to Latest Version and keep your device up to date. you can Follow my previous Blog “Upgrading MikroTik RouterOS Firmware using Winbox” to Upgrade the Firmware to Latest Version.

Changing Services Port No
✦ Click on IP -> Services -> Double Click the Service -> Change the Port No and Click on Apply & OK.
        api – 8728
        api-ssl – 8729
        ftp – 4021
        ssh – 4022
        telnet – 4023
        winbox – 4091
        www – 4080
        www-ssl – 40443

Disabling Services which are not in Use
✦ Click on IP -> Services -> Select services which are not in Use from the list (like api, api-ssl, ftp, ssh, telnet, www, www-ssl) and Click on Disable Button.

Disable mac-telnet services
✦ Click on Tools -> MAC Server -> Click on MAC Telnet Server -> Allowed Internet List change to none from Drop down Menu and Click on Apply & OK.

Disable mac-winbox services
✦ Click on Tools -> MAC Server -> Click on MAC WinBox Server -> Allowed Internet List change to none from Drop down Menu and Click on Apply & OK.

Disable mac-ping service
✦ Click on Tools -> MAC Server -> Click on MAC Ping Server -> Untick MAC Ping Server Enabled and Click on Apply & OK.

Disable Neighbor Discovery
✦ Click on IP -> Neighbors -> Click on Discovery Setting -> Interface change to none and Click on Apply & OK.

Disable Bandwidth Server
✦ Click on Tools -> BTest Server -> Untick Enabled and Click on Apply & OK.

Disable DNS cache
✦ Click on IP -> DNS -> Untick Allow Remote Requests and Click on Apply & OK.

Disable Proxy
✦ Click on IP -> Web Proxy -> Untick Enabled and Click on Apply & OK.

Disable socks proxy
✦ Click on IP -> Socks -> Untick Enabled and Click on Apply & OK.

Disable UPNP service
✦ Click on IP -> UPnP -> Untick Enabled and Click on Apply & OK.

Disable ip cloud
✦ Click on IP -> Cloud -> Untick DDNS Enabled -> Untick Update Time and Click on Apply & OK.

Disable Ethernet/SFP interfaces
✦ Click on Interface -> Select Interface which is not in Use -> Click on Disable Button.

Disable LCD
✦ Click on LCD -> Untick Enabled and Click on Apply & OK.

Creating New Username

Remove Default Username “admin”

Upgrading Firmware to the Latest Version

Changing Services Port No

Disabling Services which are not in Use

Disable mac-telnet services

Disable mac-winbox services

Disable mac-ping service

Disable Neighbor Discovery

Disable Bandwidth Server

Disable DNS cache

Disable Proxy

Disable socks proxy

Disable UPNP service

Disable ip cloud

Disable Ethernet/SFP interfaces

Disable LCD

Leave a Comment Cancel reply