...
RouterOS has built-in options for easy management access to network devices. The particular services should be shut down on production networks.: MAC-Telnet
...
Disable mac-telnet services, MAC-Winbox, and MAC-Ping:
| Code Block | ||
|---|---|---|
| ||
/tool mac-server set allowed-interface-list=none
/tool mac-server print |
MAC-Winbox
Disable mac-winbox services:
| Code Block | ||
|---|---|---|
| ||
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server mac-winbox print |
MAC-Ping
...
ping |
...
| Code Block | ||
|---|---|---|
| ||
/tool mac-server ping set enabled=no /tool mac-server ping print |
Neighbor Discovery
MikroTik Neighbor discovery protocol is used to show and recognize other MikroTik routers in the network, disable neighbor discovery on all interfaces:
...
RouterOS might have other services enabled (they are disabled by default RouterOS configuration). MikroTik caching proxy, socks, UPnP, and cloud services:
| Code Block | ||
|---|---|---|
| ||
/ip proxy set enabled=no |
MikroTik socks proxy:
| Code Block | ||
|---|---|---|
| ||
/ip socks set enabled=no |
MikroTik UPNP service:
| Code Block | ||
|---|---|---|
| ||
/ip upnp set enabled=no |
MikroTik dynamic name service or IP cloud:
| Code Block | ||
|---|---|---|
| ||
/ip cloud set ddns-enabled=no update-time=no |
More Secure SSH access
RouterOS utilizes stronger crypto for SSH, most newer programs use it, to turn on SSH strong crypto:
...