Hello,
to pass security audits, we have to ensure, that administrative access to network devices (like MikroTik RouterBoards) is only possible through secure and encrypted protocols.
For shell access we can use SSH and disable Telnet, for web access we can use HTTPS and disable HTTP, and we can use SNMPv3.
But how to deal with WinBox? Which actually is the most convinient tool to manage RouterOS.
WinBox offers secure connections, but how can I enforce it in RouterOS?
Unfortunately there are no separate services for plaintext and encrypted WinBox, and both use the same TCP port.
This seems to make it quite complicated (if not even impossible) to only allow secure WinBox connections.
Any idea how to achieve this? I'd say this is a basic feature and it is required by most security audits.
kind regards
David