Hardening Mikrotik

March 22, 2017 | Author: Digit Oktavianto | Category: N/A

Mikrotik Router Hardening — Manito Networks


http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

8/25/2016 10:20 PM


/interface print

/interface set 3,4 disabled=yes


/ip service disable 0,1,2,4,5,7
/tool bandwidth-server set enabled=no
/ip dns set allow-remote-requests=no
/ip socks set enabled=no

/ip ssh set strong-crypto=yes

/tool mac-server set [find] disabled=yes


/tool mac-server mac-winbox set [find] disabled=yes
/tool mac-server ping set enabled=no

/ip service print
/tool mac-server print
/tool mac-server mac-winbox print
/tool mac-server ping print

/tool romon set enabled=no


/ip firewall address-list

add address=192.168.0.0/16 list=Bogon
add address=10.0.0.0/8 list=Bogon
add address=172.16.0.0/12 list=Bogon
add address=127.0.0.0/8 list=Bogon
add address=0.0.0.0/8 list=Bogon
add address=169.254.0.0/16 list=Bogon

/ip firewall filter

add chain=input comment="Accept Established / Related Input" connection-state=established,related

add chain=input comment="Allow Management Input" src-address=10.1.157.0/24

add action=drop chain=input comment="Drop Input" log=yes log-prefix="Input Drop"

add action=fasttrack-connection chain=forward comment="Fast Track Established / Related Forward" connection-state=established,related

add chain=forward comment="Accept Established / Related Forward" connection-state=established,related

add chain=forward comment="Allow client LAN traffic out WAN" out-interface=ether1-gateway src-address=192.168.0.0/24
add action=drop chain=forward comment="Drop Bogon Forward -> Ether1" in-interface=ether1-gateway log=yes log-prefix="Bogon Forward Drop" src-address-list=Bogon

add action=drop chain=forward comment="Drop All Forward"


/user set 0 password=mygreatpassword
/user set 0 name=tikadmin


/ip neighbor discovery settings set default=no default-for-dynamic=no

/ipv6 nd set [find] disabled=yes

/ip neighbor discovery set [find] discover=no

/ip settings set rp-filter=strict


/system note set show-at-login=yes

/system note set note="Authorized administrators only. Access to this device is monitored."

/system ntp client set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org


export compact file=backup_config_router01
