...
Start by upgrading your RouterOS version. Some older releases have had certain weaknesses or vulnerabilities, that have been fixed. Keep your device up to date, to be sure it is secure. Click "check for updates" in Winbox or Webfig, to upgrade. We suggest you follow announcements on our security announcement blog to be informed about any new security issues.
Access to a router
...
Change username
Change default username admin to a different name. A custom name helps to protect access to your router if anybody got direct access to your router:
| Code Block | ||
|---|---|---|
| ||
/user add name=myname password=mypassword group=full /user disable admin |
...
Change password
MikroTik routers require password configuration, we suggest using a password generator tool to create secure and non-repeating passwords. With secure password we mean:
...
| Code Block | ||
|---|---|---|
| ||
/user set myname password="!={Ba3N!"40TуX+GvKBz?jTLIUcx/," |
...
Limit the MAC-access
RouterOS has built-in options for easy management access to network devices. The particular services should be shut down on production networks: MAC-Telnet, MAC-Winbox, and MAC-Ping:
...
| Code Block | ||
|---|---|---|
| ||
/ip dns set allow-remote-requests=no |
Other
...
client services
RouterOS might have other services enabled (they are disabled by default RouterOS configuration). MikroTik caching proxy, socks, UPnP, and cloud services:
...