
 
jurgenskrause
newbie
Topic Author
Posts: 29
Joined: Thu Feb 27, 2014 1:30 pm

Tips for Mikrotik Beginners

Thu May 14, 2015 10:11 am

I have made a list of basics that are useful for new MikroTik users to know:

Topics include:
1. Secure
1.1 - Users and Passwords
1.2 - Access Ports
1.3 - Protect against brute force hacks
1.4 - Anonymize your connection
2. Manual Backups (and why a backup is not a backup)
3. Blocking Sites
5. Remote wake your computer
6. Remote access to your network

If you have any tips that you consider to be essential, please share them here!
http://binaryheartbeat.blogspot.com/201 ... -tips.html
 
TomosRider
Member Candidate
Posts: 202
Joined: Thu Nov 20, 2014 1:51 pm

Re: Tips for Mikrotik Beginners

Thu May 14, 2015 10:15 am

Nice topic!
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Tips for Mikrotik Beginners

Thu May 14, 2015 6:07 pm

Good post.

I would like to say, though, that your recommendations about changing the service ports are a bit outdated.
Modern scans pick up everything no matter what port your service is on. The scanner fingerprints the OS from the way packet headers / sequence numbers / etc look, and fingerprints the service ports based on what the scanner sees when it connects to open ports. If it sees an SMTP banner on port 80, and the service responds correctly to "HELO somehost.example.org" guess what - it's logging you as a mail server on port 80. Security through obscurity is not really helping much, and it makes your own life harder having to remember what ports your services really live on.

It's better to make an IP List of trusted sources (e.g. your office's IP, your home's IP, etc), and only allow connections from those IPs. Use the firewall to block this, not the "from addresses" field(s) in ip services. The firewall is much more flexible. After the permanent whitelist, you can allow "transient" access by vpn, or port knocking.

I might also add that insecure services such as telnet / ftp / and www should be disabled or at least limited to ONLY the LAN interfaces.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
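
The approach described in the post above, written out as a RouterOS configuration. This is an added example, not part of the original post: the list names, addresses (documentation ranges plus the assumed default LAN subnet 192.168.88.0/24), management ports and knock ports are constructed placeholders.

```routeros
# Added example; all addresses, list names and knock ports are placeholders.

# Permanent whitelist of trusted sources for management access.
/ip firewall address-list
add list=mgmt-trusted address=192.168.88.0/24 comment="LAN (assumed default subnet)"
add list=mgmt-trusted address=203.0.113.10 comment="office (placeholder)"
add list=mgmt-trusted address=198.51.100.25 comment="home (placeholder)"

/ip firewall filter
# Keep replies to already-established sessions flowing.
add chain=input connection-state=established,related action=accept

# Management ports (SSH 22, WinBox 8291) are open only to the whitelist.
add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt-trusted \
    action=accept comment="mgmt from permanent whitelist"

# Port knocking for transient access: knock 7001, then 7002 within 10 seconds.
# The second knock puts the source on a list that expires after one hour.
add chain=input protocol=tcp dst-port=7001 action=add-src-to-address-list \
    address-list=knock-stage1 address-list-timeout=10s
add chain=input protocol=tcp dst-port=7002 src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=mgmt-transient \
    address-list-timeout=1h
add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt-transient \
    action=accept comment="mgmt after successful knock"

# Anything else aimed at the management ports is dropped, whatever its source.
add chain=input protocol=tcp dst-port=22,8291 action=drop \
    comment="mgmt from everyone else"

# Disable the cleartext services instead of moving them to other ports.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
```

The `add` commands append to the end of the input chain, so on a router that already has filter rules these must end up above any broader accept rule. Applying them from a Safe Mode session lets the router roll the change back if the management connection is cut off.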
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Tips for Mikrotik Beginners

Thu May 21, 2015 4:00 pm

You are correct, ZeroByte, but all so-called admins have their own learning curve. You also didn't eat the shit of King Solomon. Neither did I. I can admit that I am still learning. Even though we are far ahead of most of the people asking here on the forum, and many of their questions look so funny and silly to us, just remember that you were in the same situation in the past. Me too. I had many stupid ideas and did many ridiculous things. But that is not the story of this topic.

I am also interested in performance tuning tips, even though I play a lot with firewalls to optimise them, so maybe I know something now.
 
mrz
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Tips for Mikrotik Beginners

Thu May 21, 2015 6:12 pm

The biggest tip for beginners is to read the manual. Answers to 90% of the questions can be found in the manual.
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Thu May 21, 2015 7:25 pm

I wish all questioners read the manual, used the search function of the forum and googled a while before they ask.
 
w0lt
Member
Posts: 484
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: Tips for Mikrotik Beginners

Thu May 21, 2015 7:36 pm

Pick a Routerboard that has a serial port. As you learn and experiment, you can easily recover from problems without having to do a complete reset. :D

-tp
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "
