Please also see the video I made on the same subject.
Having a solid security practise in place is one of the most important things you can do when setting up your router. There are a huge number of things MikroTik RouterOS can do and be scripted to do but this is one of the fundamental things you should take the time to do yourself and be intimate with. I cannot stress enough how much a solid security routine is.
Securing RouterOS isn’t something I can write a script to help you with however the video I made should give some help with this and also I’m hoping the below pointers will also help you to secure your RouterOS device to ensure as best possible security as you can for you, your router and the clients behind it.
- The first and probably simplest is changing the admin password. Simple things but some people do miss it. This is done through System>Password. Enter your new password in twice for confirmation and you’re good to go!
- Extending the first pointer a bit, I like to actually remove the default “admin” account. To do this you go into System>Users and add a new user with “Full” access. Close Winbox and then log back in with your new username to ensure it has full write privilege and then either remove or disable the default admin account or you can change it to read only.
- The next pointer is a fairly obvious one again, this is simply turning off any services that you don’t need and also moving to non-standard ports for the things you do want to access. This is done through IP>Services. Ideally don’t have it active if you don’t need it.
- The final point I have when securing your device is by using the built in firewall to protect the router from unauthorised access. If you “need” to have remote access then you can either specify this in the src-address or if there are multiples then you can use the src-address-list. This is done through IP>Firewall using Input rules but make sure you only point it at your WAN interface otherwise you will lose your own LAN IP connectivity.
So that is the end of this guide, again whilst not like most of my other guides with an RSC file you can customise to match your situation. Please do take the time to make sure your router is secure.
The above guide is provided free of charge to do with what you like, please bear in mind though websites aren’t free to run and whilst not compulsory, any donations would be gratefully received.