Hello,
My company mainly uses Mikrotik devices and my “boss” asked me to redact a document where I discuss various security protocols and what could be implemented to improve the security of our networks (we own, other than our office net, two small hospital networks and a call center network)…
I structured the document this way:
Security protocol 1 → short description → configuration method → Realistic cases (when to use and when not to)
The following are the methods I listed for now in my document, if you have any suggestion on what to add or what could be neglected it would be very nice of you:
BCP-38 (can’t find any documentation on how to configure it on a Mikrotik net), Client Isolation, Calling the Upstream, Port Knocking, Honeypot (can’t find a reliable document that actually describes its functioning and way of configuration in a Mikrotik net), Black Hole Routing (can describe it and know how it works but don’t know how to configure it in a Mikrotik network)
What I ask you (other than maybe answering my doubts in “()” above) is whether I should add more methods, or if I should neglect some, if any of these methods could be implemented in a network such as the ones I described before and if they could be done in a Mikrotik based network.
Thanks
Hey. What you wrote is basic network security. All vendors have that. What Tik created is the Winbox app with an encrypted connection, that’s it.
Well, I live in a small village, “network security” here isn’t that much of a deal, the network created by the company doesn’t have any security features (to give an example, when I miss a user/pass to get into hospital business software I Wireshark the hell out of the network and now I have most of the credentials and I could shut down the whole network blindfolded, and I’m a 20 yo student who just googled “how to hack a network”, that’s my skill level). This document was asked for after a DDoS attack shut down the whole hospital network (3 hospitals were unable to register patients and practises) for almost 3 days, about 30000 patients and 3M entries from the data bank have been erased and even today after almost a month the hospital office where I work is still in complete chaos…
So don’t overestimate us in terms of security XD
Up here we’re our own provider
That’s a story
From scratch, you’ll need a good topology project and a firewall in front of your network with a good inbound and outbound policy. Then you need the good layer 2/3 network security features that Tiks have. Try to throw forces in this direction. This subject is too big to talk about just like that…