imirsay
just joined
Topic Author
Posts: 22
Joined: Fri Jul 28, 2023 12:47 pm

Increasing security of Mikrotik web page

Sun Aug 04, 2024 1:21 pm

Increasing the security of the Mikrotik web page?

Image
 
sindy
Forum Guru
Posts: 11332
Joined: Mon Dec 04, 2017 9:19 pm

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 3:37 pm

In what sense? No management interface of any device should be directly exposed to internet; the default firewall rules of SOHO models of Mikrotik ensure that. To avoid sending usernames across the network (even LAN) in plaintext, you can disable the http, telnet and api management interfaces completely and allow only ones from the (api-ssl, ssh, https, Winbox) list, all of which send data encrypted; for https and api-ssl, you have to install a certificate first.

The target audience of the large models that come with no default configuration is supposed to be capable of configuring them properly before connecting them to the network.

So can you be more specific about whether your post is a question about what you should do or a suggestion about what Mikrotik developers should do?
 
holvoetn
Forum Guru
Posts: 6940
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 3:44 pm

ROS 7.0beta3 ??
That's ... over 4 years old ? That version was released 2019-10-22.

Security step 1 already omitted.
 
Apachez
Member Candidate
Posts: 147
Joined: Mon Jul 01, 2024 11:45 pm

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 3:52 pm

Here you got some tips: viewtopic.php?t=209775
 
imirsay
just joined
Topic Author
Posts: 22
Joined: Fri Jul 28, 2023 12:47 pm

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 5:25 pm

> In what sense? No management interface of any device should be directly exposed to internet; the default firewall rules of SOHO models of Mikrotik ensure that. To avoid sending usernames across the network (even LAN) in plaintext, you can disable the http, telnet and api management interfaces completely and allow only ones from the (api-ssl, ssh, https, Winbox) list, all of which send data encrypted; for https and api-ssl, you have to install a certificate first.
>
> The target audience of the large models that come with no default configuration is supposed to be capable of configuring them properly before connecting them to the network.
>
> So can you be more specific about whether your post is a question about what you should do or a suggestion about what Mikrotik developers should do?
.
.
I don't want anyone to be able to try multiple usernames and get into the router.
 
imirsay
just joined
Topic Author
Posts: 22
Joined: Fri Jul 28, 2023 12:47 pm

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 5:26 pm

> ROS 7.0beta3 ??
> That's ... over 4 years old ? That version was released 2019-10-22.
>
> Security step 1 already omitted.

I got this picture from the internet. My router is up to date.
 
mada3k
Forum Veteran
Posts: 751
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 7:04 pm

Webfig and Winbox should only be exposed via trusted channels.
 
jaclaz
Forum Guru
Posts: 2237
Joined: Tue Oct 03, 2023 4:21 pm

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 7:27 pm

The authentication is made with:
username (default "admin", you can and should change that)
password (you can choose your own "secure" password)

Access to the router via Webfig, winbox, ssh, etc. should only be from LAN (if possible), preferably only from a given port and from a given IP that is NOT part of the Wi-Fi address range/network.

Then if you use an unusual enough user name and a complex enough password the router is secure enough.

Usual xkcd:
https://xkcd.com/538/
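
The advice in sindy's and jaclaz's posts above, written out as RouterOS terminal commands. This is an added example, not part of any post in the thread; the addresses (router 192.168.88.1, management workstation 192.168.88.10), the certificate names and the user name are assumptions to be replaced with your own values.

```routeros
# Assumed values (not from the thread):
#   router LAN address       192.168.88.1
#   management workstation   192.168.88.10 (wired, outside the Wi-Fi range)
#   certificate names        local-ca, mgmt-tls
#   replacement admin user   netops-7q

# 1. https and api-ssl need a certificate: create a local CA and sign
#    a server certificate for the router's own address.
/certificate add name=local-ca common-name=local-ca key-usage=key-cert-sign,crl-sign
/certificate sign local-ca
/certificate add name=mgmt-tls common-name=192.168.88.1 subject-alt-name=IP:192.168.88.1 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign mgmt-tls ca=local-ca

# 2. Disable the management services that send credentials in plaintext.
/ip service disable telnet,www,api

# 3. Keep only encrypted services and accept them from one address only.
/ip service set www-ssl certificate=mgmt-tls address=192.168.88.10/32 disabled=no
/ip service set ssh address=192.168.88.10/32
/ip service set winbox address=192.168.88.10/32
# api-ssl stays in its current enabled/disabled state; enable it only if
# something actually uses the API.
/ip service set api-ssl certificate=mgmt-tls address=192.168.88.10/32

# 4. Replace the default "admin" account with a non-default user name
#    that may log in only from the management workstation.
/user add name=netops-7q group=full password="<long-random-passphrase>" address=192.168.88.10/32
# Log in as the new user and confirm access BEFORE running the next line.
/user disable admin

# 5. Check the result: plaintext services show the X (disabled) flag and
#    the remaining ones list 192.168.88.10/32 in the ADDRESS column.
/ip service print
/user print
```

Run step 3 from the workstation whose address you put in `address=`, otherwise the current session's source address is locked out as soon as the restriction applies.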
 
infabo
Forum Guru
Posts: 1508
Joined: Thu Nov 12, 2020 12:07 pm

Re: Increasing security of Mikrotik web page

Sun Aug 04, 2024 8:39 pm

At least some fail2ban-like mechanism would be an improvement.