Scribd Logo
Carica

Benvenuto in Scribd!

  • Hardening Mikrotik

    Caricato da

    Digit Oktavianto
    410 visualizzazioni11 pagine
    Hardening Mikrotik

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Hardening Mikrotik

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    410 visualizzazioni11 pagine

    Hardening Mikrotik

    Caricato da

    Digit Oktavianto
    Hardening Mikrotik

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 11

    Mikrotik Router Hardening Manito Networks

    1 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    2 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    /interface print

    /interface set 3,4 disabled=yes

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    3 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    4 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    /ip service disable 0,1,2,4,5,7


    /tool bandwidth-server set enabled=no
    /ip dns set allow-remote-requests=no
    /ip socks set enabled=no

    /ip ssh set strong-crypto=yes

    tool mac-server set [find] disabled=yes

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    5 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    tool mac-server mac-winbox set [find] disabled=yes


    tool mac-server ping set enabled=no

    /ip service print


    /tool mac-server print
    /tool mac-server mac-winbox print
    /tool mac-server ping print

    /tool romon set enabled=no

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    6 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    /ip firewall address-list

    add address=192.168.0.0/16 list=Bogon


    add address=10.0.0.0/8 list=Bogon

    add address=172.16.0.0/12 list=Bogon


    add address=127.0.0.0/8 list=Bogon
    add address=0.0.0.0/8 list=Bogon

    add address=169.254.0.0/16 list=Bogon

    /ip firewall filter

    add chain=input comment="Accept Established / Related


    Input" connection-state=established,related

    add chain=input comment="Allow Management Input"


    src-address=10.1.157.0/24

    add action=drop chain=input comment="Drop Input" log=yes


    log-prefix="Input Drop"

    add action=fasttrack-connection chain=forward comment="Fast


    Track Established / Related Forward" connectionstate=established,related

    add chain=forward comment="Accept Established / Related


    Forward" connection-state=established,related

    add chain=forward comment="Allow client LAN traffic out

    WAN" out-interface=ether1-gateway src-address=192.168.0.0/24


    add action=drop chain=forward comment="Drop Bogon Forward
    -> Ether1" in-interface=ether1-gateway log=yes

    log-prefix="Bogon Forward Drop" src-address-list=Bogon

    add action=drop chain=forward comment="Drop All Forward"

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    7 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    /user set 0 password=mygreatpassword


    /user set 0 name=tikadmin

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    8 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    /ip neighbor discovery settings set default=no default-

    for-dynamic=no

    /ipv6 nd set [find] disabled=yes

    /ip neighbor discovery set [find] discover=no

    /ip settings set rp-filter=strict

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    9 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    /system note set show-at-login=yes

    /system note set note="Authorized administrators only.


    Access to this device is monitored."

    /system ntp client set enabled=yes server-

    dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    10 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    export compact file=backup_config_router01

    8/25/2016 10:20 PM

    Mikrotik Router Hardening Manito Networks

    11 of 11

    http://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-ha...

    8/25/2016 10:20 PM

    Potrebbero piacerti anche