I want to make sure the MikroTik’s we install are secure. If they are password protected, is there any way someone can get into the OS while on site if they don’t know the username and password? Are there any backdoors or is there any other way to get in? Can someone pull the programming off the router or make a backup without the password? If so, is there a way to prevent this? Thanks.
Everyone can reset the router to its defaults or run netinstall. Then it is accessible easily. Read about routerboot protection for this case.
Correct, but if they do that, the programming that was on the router is gone, and they cannot access that specific programming, right? They only have a factory defaulted router?
Script file with config before reset can appear. Try it…
And this can be prevented with what you mentioned above?
is it possible not to be able to reset also? brick device?
Looks like the reset button can be disabled or surely it can be removed from the device.
nice idea. you mean that a script can run after a reset and apply a password to the device so undesired people cant take control of the device if they stole it?
this make the device unaccesible forever?
I have seen such discussion here recently. Look for it. If I remember well such script was not able to set users. Anyway, you can load your defaults script via netinstall. Then this will be used when device is reset.
Can someone post a step by step on how to do this with an example?