basic mikrotik router’s security · titas sarker founder (tsoft it) system administrator (enosis...
TRANSCRIPT
![Page 1: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/1.jpg)
Basic MikroTik Router’s Security
Tsoft IT1
![Page 2: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/2.jpg)
Presented by:
Titas Sarker
Founder (Tsoft IT)
System administrator (Enosis Solutions)
Certificates:(MTCNA,MTCRE,RHCE)
Basic MikroTik Router’s
SecurityTsoft IT
2
![Page 3: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/3.jpg)
LCMCAgenda Page noReason for security 04How to secure our network? 05Administrative Users credentials 06-07Winbox default ports 08-09MAC-access restriction 10-11Site restriction 12-15Virus port filtering 16-17Log server 19-21Reference 22Conclusion 23
3
![Page 4: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/4.jpg)
Reason for security
4
Basic MikroTik Router’s
SecurityTsoft IT
Remedy unauthorized people to access to the network
Intruder detection purpose
Taking necessary action for fix the issue.
Protect information and infrastructure.
![Page 5: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/5.jpg)
How to secure our network?
5
Basic MikroTik Router’s
SecurityTsoft IT
Administrative Users credentials
Winbox default ports
MAC-access restriction
Site restriction
Virus port filtering
Log server
![Page 6: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/6.jpg)
Administrative Users credentials
Basic MikroTik Router’s
SecurityTsoft IT
6
Mikrotik router’s default username is “admin”. If it is kept to the default
username, it can be assumed very easily. So it is recommended to
change the username and set a strong password for the admin
privileged user.
![Page 7: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/7.jpg)
Administrative Users credentials
Basic MikroTik Router’s
SecurityTsoft IT
7
How to change credentials?
Log in Winbox
Click on System
Click on Users
Note: user & Password
![Page 8: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/8.jpg)
Winbox default ports
Basic MikroTik Router’s
SecurityTsoft IT
8
Usually we use Winbox application to log in to MikroTik router’s admin panel. Winbox
runs on default port 8291. If the default port is changed to a custom port it would
require the exact port number to browse the admin panel. It will be a secured way
when logging in using IP, username and password.
![Page 9: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/9.jpg)
Winbox default ports
Basic MikroTik Router’s
SecurityTsoft IT
9
How to change defaults ports
numbers?
Log in Winbox
Click on IP
Click on Services
![Page 10: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/10.jpg)
MAC-access restriction
Basic MikroTik Router’s
SecurityTsoft IT
10
MAC access RouterOS has built-in options for easy management access to network
devices. But the particular services should be shutdown on production networks for
security purpose.
![Page 11: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/11.jpg)
MAC-access restriction
Basic MikroTik Router’s
SecurityTsoft IT
11
How we can configure it?
Log in Winbox
Click on Tools
Select Winbox Interfaces
Finally disable “all”
![Page 12: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/12.jpg)
Site restriction
Basic MikroTik Router’s
SecurityTsoft IT
12
How to configure it?
Log in Winbox
Click on IP
Click on Firewall
Click on layer 7 Protocols ’+’
Mikrotik router can be used to prevent access to selected websites if required (i.e.
adult sites, social media, entertainment websites etc.).
![Page 13: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/13.jpg)
Site restriction
Basic MikroTik Router’s
SecurityTsoft IT
13
Filter rule>
General>src addreess
![Page 14: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/14.jpg)
Site restriction
Basic MikroTik Router’s
SecurityTsoft IT
14
Advanced>Layer7 protocol
![Page 15: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/15.jpg)
Site restriction
Basic MikroTik Router’s
SecurityTsoft IT
15
Action>drop
![Page 16: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/16.jpg)
Site restriction result
Basic MikroTik Router’s
SecurityTsoft IT
16
So that if he/she try to visit Facebook now. He/she will not able to visit it.
![Page 17: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/17.jpg)
Firewalls filter keep outside threats away from sensitive data available inside the
network. Whenever different networks are joined together, there is always a threat that
someone from outside of your network will break into your LAN. MikroTik router’s
firewall easily filter virus ports and we can drop it.
Basic MikroTik Router’s
SecurityTsoft IT
17
Virus port filtering
![Page 18: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/18.jpg)
Basic MikroTik Router’s
SecurityTsoft IT
18
How to block all the virus ports in
MikroTik?
Log in Winbox
Click on IP
Click on Firewall
Filter rules “+”
Virus port filtering
![Page 19: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/19.jpg)
Log server
Basic MikroTik Router’s
SecurityTsoft IT
19
How to configure it?
Log in Winbox
Click on System
Click on Logging
Click on Actions
MikroTik RouterOS is capable of logging various system events and status information.
As well, MikroTik router’s Logging is configured for view who is visiting which website. If
anyone tries to visit any unauthorized site then we can easily track it.
![Page 20: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/20.jpg)
Log server
Basic MikroTik Router’s
SecurityTsoft IT
20
Steps:
Log in Winbox
Click on System
Click on Logging
Click on Rules
![Page 21: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/21.jpg)
Log server’s output
Basic MikroTik Router’s
SecurityTsoft IT
21
Here we are use Kiwi Syslog for view purpose
![Page 22: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/22.jpg)
Reference
Basic MikroTik Router’s
SecurityTsoft IT
22
MikroTik wiki (https://wiki.mikrotik.com/wiki/)
MikroTik website(https://mikrotik.com/)
MikroTik Forum (https://forum.mikrotik.com/)
![Page 23: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/23.jpg)
Conclusion
Basic MikroTik Router’s
SecurityTsoft IT
23
Awareness is the key to security.
![Page 24: Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security](https://reader033.vdocuments.mx/reader033/viewer/2022041617/5e3c8ead94a0f41e513f323b/html5/thumbnails/24.jpg)
THANK YOU
MUM, Dhaka, Bangladesh
24
www.tsoftit.com