Community discussions

MikroTik App
 
Zoliace
just joined
Topic Author
Posts: 3
Joined: Fri Jul 21, 2017 11:12 am

Setup Mikrotik router this Security Defense than Juniper Router??

Tue Jul 06, 2021 2:36 pm

How Can I Setup Mikrotik router this Security Defense than Juniper Router?
This Juniper SSG 5 Security Tab

Flood Defense:

ICMP Flood Protection
Threshold
pps

UDP Flood Protection
Threshold
pps

SYN Flood Protection
Threshold
pps


Block HTTP Components:

Block Java Component
Block ActiveX Component
Block ZIP Component
Block EXE Component
Block Any Component


MS-Windows Defense
WinNuke Attack Protection

Scan/Spoof/Sweep Defense

IP Address Spoof Protection

IP Address Sweep Protection
Threshold
Microseconds

Port Scan Protection
Threshold
Microseconds

TCP Sweep Protection
Threshold
Packets Per Second

UDP Sweep Protection
Threshold
Packets Per Second

Denial of Service Defense

Ping of Death Attack Protection
Teardrop Attack Protection
ICMP Fragment Protection
ICMP Ping ID Zero Protection
Large Size ICMP Packet (Size > 1024) Protection
Block Fragment Traffic
Land Attack Protection

SYN-ACK-ACK Proxy Protection
Threshold
Connections

Source IP Based Session Limit
Threshold
Sessions

Destination IP Based Session Limit
Threshold
Sessions

Protocol Anomaly Reports -- IP Option Anomalies

Bad IP Option Protection
IP Timestamp Option Detection
IP Security Option Detection
IP Stream Option Detection
IP Record Route Option Detection
IP Loose Source Route Option Detection
IP Strict Source Route Option Detection
IP Source Route Option Filter

Protocol Anomaly Reports -- TCP/IP Anomalies
SYN Fragment Protection
TCP Packet Without Flag Protection
SYN and FIN Bits Set Protection
FIN Bit With No ACK Bit in Flags Protection
Unknown Protocol Protection


Finally:
How Can I Setup Malware defender than than Juniper Router?

thanks a lot,
Zoliace
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Tue Jul 06, 2021 4:15 pm

Assuming you want to replace an edge router for a large business?
My recommendation is to keep the juniper and use the MT for the internal router.
 
Zoliace
just joined
Topic Author
Posts: 3
Joined: Fri Jul 21, 2017 11:12 am

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Tue Jul 06, 2021 4:52 pm

Tahks. but only i have mikrotik router. Another firm have Juniper router.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Tue Jul 06, 2021 4:58 pm

>useless, read ahead<
Last edited by rextended on Wed Jul 07, 2021 12:56 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Tue Jul 06, 2021 9:50 pm

if worried about emails use a barracuda device..........
https://www.barracuda.com/products/email_protection
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Wed Jul 07, 2021 12:53 am

!
Thanks to your post, now I want update my post from 2014:
viewtopic.php?f=9&t=83387&p=417380
With all the possible defenses from various form of attack I find.

Now I check-lisk your post, and I modify THIS post removing what done on linked topic and leaving here what remain.

Checklist

Can do that:
Flood Defense:
ICMP Flood Protection
UDP Flood Protection
SYN Flood Protection

"Done"
Block HTTP Components:
Block Java Component
Block ActiveX Component
Block ZIP Component
Block EXE Component
Block Any Component

MikroTik can't do that (is not really full true, but do not make sense today with HTTPS)

Done
MS-Windows Defense
WinNuke Attack Protection

This is controversial, actually can be used as attack only for Windows 95 and Windows NT...
Is the time to change the machine 26 years old than protect it...
For paranoids this is the right rule:
/ip firewall raw
add action=drop chain=prerouting comment="WinNuke attack" dst-port=139 protocol=tcp tcp-flags=urg


Scan/Spoof/Sweep Defense
Done IP Address Spoof Protection
IP Address Sweep Protection
Port Scan Protection
TCP Sweep Protection
UDP Sweep Protection

Denial of Service Defense
Done Ping of Death Attack Protection
Done Teardrop Attack Protection
Done ICMP Fragment Protection
ICMP Ping ID Zero Protection NO, Mikrotik can't do that
Done Large Size ICMP Packet (Size > 1024) Protection
Done Block Fragment Traffic
Done Land Attack Protection

SYN-ACK-ACK Proxy Protection

Can do that:
Source IP Based Session Limit

Can do that:
Destination IP Based Session Limit

Done
Protocol Anomaly Reports -- IP Option Anomalies
Bad IP Option Protection
IP Timestamp Option Detection
IP Record Route Option Detection
IP Loose Source Route Option Detection
IP Strict Source Route Option Detection
IP Source Route Option Filter
IP Security Option Detection
IP Stream Option Detection



Done
Protocol Anomaly Reports -- TCP/IP Anomalies
SYN Fragment Protection
TCP Packet Without Flag Protection
SYN and FIN Bits Set Protection
FIN Bit With No ACK Bit in Flags Protection
Unknown Protocol Protection


"Done"
How Can I Setup Malware defender than Juniper Router?
MikroTik can't do that.
 
Zoliace
just joined
Topic Author
Posts: 3
Joined: Fri Jul 21, 2017 11:12 am

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Mon Jul 12, 2021 3:56 pm

Thanks!
I set up more of those listed.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Mon Jul 12, 2021 4:08 pm

What does it mean?

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot] and 76 guests