Using a Mikrotik router as a firewall?

  • Richard Y
    Participant
    Post count: 2
    #75923 |

    In my organisation’s Nigeria office, they have started using a Routerboard 1100AHx2 router with Mikrotik OS as a firewall. They get some technical support for the Routerboard from a local ISP. The office switched from the previous IPFire because it was giving multiple problems, which we never got to the bottom of.

    I’m new to Mikrotik products, and I have heard that the OS is not straightforward to use.
    But I would like to find a way to test this router’s firewall functionality – or at least a checklist of what kinds of things a decent firewall ought to be able to block.
    Is there a good checklist somewhere online?
    Can someone recommend a good website for testing a router for vulnerabilities? I know about ShieldsUP – is this the best one to use?

  • Paul Zee
    Participant
    Post count: 2
    #77652 |

    Richard,

    The mikrotik OS is professional grade, very powerful and used all over. You needn’t worry (much) about the OS itself. The real security concern on any firewall is — has it been configured securely and appropriately for the network? This requires networking knowledge and an understanding of your network configuration and needs; there are no simple pushbutton solutions.

    Shields up is an easy place to look for any holes that you might not realized have been opened accidentally, but all of their recommendations are not necessarily appropriate for a corporate firewall. Whoever is managing the firewall should have training not only on the mikrotik interface but on networking in general in order to be qualified to configure the firewall and do penetration testing to ensue it is secure.

    As a first and most critical step, the default passwords for firewall access must be changed to something secure, and access to the firewall html and ssh interfaces should be blocked from the Internet interface. Typically, the default settings will be adequately secure once you do that.

You must be logged in to reply to this topic.