Securing your router is the most important thing you can do to protect your network from hackers.
If you have finished configuring everything for your network and someone from outside accesses your router and does a factory reset, you may want to die :’(
Don’t worry! In this tutorial I give you 5 tips to secure your MikroTik router.
#1. Change default username/password
By default, the MikroTik username is admin and the password is blank, so other people can scan your network and access your router easily. It is recommended to change the default username and password. If you allow someone to access your router, you should assign permissions to them via the group policy or permit them to access it from a specific IP only.
Go to System > Users
#2. Change default port of a service
If you have heard of port 22, you will know it is the port of the SSH service. Don’t use the default SSH port. A hacker may try to access your router through this port. You can fix this problem by changing the default port, and by disabling the services you don’t need or enabling a service for trusted IPs only.
Go to IP > Services
#3. Set firewall rule
You can protect your router by setting firewall rules that permit only specific IPs to access it. Note that if you run other services such as NTP, a GRE tunnel, or a routing protocol like BGP or OSPF, you need to add rules to permit them in your firewall.
Go to IP > Firewall > Filter
#4. Disable neighbour discovery
The firewall only affects layer 3 and up. This means firewall rules will not affect a user who tries to access your router through layer 2. That is why we should enable MikroTik Neighbour Discovery Protocol (MNDP) only on trusted interfaces.
Go to IP > Neighbors
#5. Logging and NTP
Once everything is configured, you should keep monitoring the router log to make sure nobody gets into your router. Accurate time is important to make your log meaningful and easy to troubleshoot when something goes wrong, so you should configure the NTP client to synchronize the clock automatically with an NTP server.
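The five tips as RouterOS terminal commands, as an added example that is not part of the original tutorial. It assumes RouterOS v7 syntax; the subnet 192.168.88.0/24, the account netadmin, port 2222, the interface ether2, the list name MGMT and the NTP server pool.ntp.org are placeholder values to replace with your own.

```routeros
# Added example (RouterOS v7 syntax). All addresses, names and ports below are
# constructed placeholders: 192.168.88.0/24 = trusted management subnet,
# "netadmin" = new admin account, "MGMT" = list of trusted interfaces.
# Run from a session inside the management subnet, ideally in Safe Mode
# (Ctrl+X), so a mistake does not lock you out.

# Tip 1: create a named admin limited to the management subnet, then
# disable the default "admin" account (confirm the new login works first).
/user add name=netadmin group=full password="CHANGE-ME-long-passphrase" address=192.168.88.0/24
/user disable admin

# Tip 2: disable services you do not need, move SSH off port 22 and
# allow SSH and Winbox from trusted IPs only.
/ip service disable telnet,ftp,www,api,api-ssl
/ip service set ssh port=2222 address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24

# Tip 3: input chain. Accept replies and the management subnet, drop the rest.
/ip firewall filter
add chain=input connection-state=established,related action=accept comment="replies"
add chain=input src-address=192.168.88.0/24 action=accept comment="management subnet"
# If the router runs NTP, GRE, BGP or OSPF, add accept rules for those
# peers here, above the final drop rule.
add chain=input action=drop comment="drop all other traffic to the router"

# Tip 4: run neighbour discovery (MNDP) on trusted interfaces only.
/interface list add name=MGMT
/interface list member add list=MGMT interface=ether2
/ip neighbor discovery-settings set discover-interface-list=MGMT

# Tip 5: keep the clock synchronized so log timestamps are meaningful,
# then review login events in the log.
/system ntp client set enabled=yes
/system ntp client servers add address=pool.ntp.org
/log print where topics~"account"
```

On RouterOS v6 the NTP client and neighbour discovery menus use different parameters, so check the commands against your version before applying them.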