My hot take here is that the article actually places Mikrotik in a high place.
The positive things:
- Over 13k Mikrotik devices, most of them high end, used in the wild
- The devices had updates available but were not installed by the owner
- Devices were compromised most likely due to misconfiguration at set up
- The extensive feature list of mikrotik makes them a top choice for hackers
As someone that has set up a few online mikrotik routers and realizing that I had to find ways to be the first to log into the router or it would be compromised I would really love to have a way to deploy an image with a password already set, or secured. So far I have resorted to making the image offline and uploading it already harded which makes it hard for a company to offer vps with the image available, or disabling the network interface and using only remote access to the main terminal to harden in before making it appear online, or making a script to log in and set up passwords and filters before it can be accessed by someone else.
I am loving this software, and this company. This devices are incredible. I have already over 20 mikrotik devices and there are a lot of things left to learn from it.
Having said all that, I know how to leave a mikrotik secured by having a firewall and access restrictions, but you do not have that while you are setting it up in the wild on an x86 img, you can only do that on some routers if you can get the script into it first.
So my question is: How do you secure it while you are setting it up? (and before it is completely set up)