Increasing the security of the Mikrotik web page?
In what sense? No management interface of any device should be directly exposed to internet; the default firewall rules of SOHO models of Mikrotik ensure that. To avoid sending usernames across the network (even LAN) in plaintext, you can disable the http, telnet and api management interfaces completely and allow only ones from the (api-ssl, ssh, https, Winbox) list, all of which send data encrypted; for https and api-ssl, you have to install a certificate first.
The target audience of the large models that come with no default configuration is supposed to be capable of configuring them properly before connecting them to the network.
So can you be more specific whether your post is a question what should you do or a suggestion what should Mikrotik developers do?
ROS 7.0beta3 ??
That’s … over 4 years old ? That version was released 2019-10-22.
Security step 1 already omitted.
Here you got some tips: http://forum.mikrotik.com/t/what-are-the-best-practices-for-securing-a-mikrotik-router-from-external-threats/177761/1
.
.
I don’t want anyone to be able to try multiple usernames and get into the router
I got this picture from the internet. My router is up to date
Webfig and Winbox should only be exposed via trusted channels.
The authentication is made with:
username (default “admin”, you can and should change that)
password (you can choose your own “secure” password)
Access to the router via Webfig, winbox, ssh, etc. should only be from LAN (if possible), preferably only from a given port and from a given IP that is NOT part of the Wi-FI address range/network.
Then if you use a unusual enough user name and a complex enough password the router is secure enough.
Usual xkcd:
https://xkcd.com/538/
at least some fail2ban like mechanism would be an improvement.