MikroTik Security Guide and Networking with MikroTik: MTCNA Study Guide by Tyler Hart are both available in paperback and Kindle! You can now get MikroTik training direct from Manito Networks.

Preface

MikroTik routers straight out of the box require security hardening like any Arista, Cisco, Juniper, or Ubiquiti router. Some very basic configuration changes can be made immediately to reduce attack surface while also implementing best practices, and more advanced changes allow routers to pass compliance scans and formal audits. Almost all of the configuration changes below are included in requirements for PCI-DSS and HIPAA compliance, and the best-practice steps are also included in CIS security benchmarks and DISA STIGs.

This is a typical branch office configuration with Inside, Outside, and Management network "zones". It could very easily be an RB-751 in a home office, or an RB-951 or hAP in a branch office.

The Management network isn't strictly necessary in organizations without applicable compliance requirements but it's a best practice. For organizations that do have compliance standards in place, having a separate management network satisfies Infrastructure Router STIG Finding V-5611:

"The network devices must only allow management connections for administrative access from hosts residing in the management network."

Disable Unused Interfaces

The first step we'll take is disabling any physical network interfaces that aren't in use, denying an intruder access to the device if they somehow got into the wiring closet or server room. To plug into the router they'd have to disconnect a live connection and draw attention.

Show Interfaces

First list all the interfaces, making note of the numbers associated with each interface (refer to the table above for the interfaces in this exercise):

    /interface print
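As an added example (not from the original guide), this Python sketch parses saved `/interface print` output and shortlists enabled Ethernet ports with no link as candidates for the "Disable Unused Interfaces" step. The sample output is constructed, the function names are hypothetical, and treating a link-down port as unused is an assumption an operator has to confirm.

```python
# Added example: sample output is constructed; "enabled but link-down means
# unused" is an assumption that still needs an operator's review.
SAMPLE_PRINT = """\
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME        TYPE    ACTUAL-MTU L2MTU
 0  R  ether1      ether         1500  1598
 1  R  ether2      ether         1500  1598
 2     ether3      ether         1500  1598
 3  X  ether4      ether         1500  1598
 4     ether5      ether         1500  1598
 5  R  bridge-lan  bridge        1500  1598
"""

def parse_interfaces(text):
    """Return one dict per row of `/interface print` output."""
    rows, name_col = [], None
    for line in text.splitlines():
        if line.lstrip().startswith("#") and "NAME" in line:
            name_col = line.index("NAME")   # flags sit left of this column
            continue
        head = line[:name_col].split() if name_col is not None else []
        if not head or not head[0].isdigit():
            continue                         # legend, blank or wrapped line
        fields = line[name_col:].split()
        if len(fields) < 2:
            continue
        rows.append({"id": int(head[0]), "flags": "".join(head[1:]),
                     "name": fields[0], "type": fields[1]})
    return rows

def unused_candidates(rows, keep=()):
    """Physical ports that are enabled but have no link, minus an allow-list."""
    return [r for r in rows
            if r["type"] == "ether"
            and "R" not in r["flags"] and "X" not in r["flags"]
            and r["name"] not in keep]

def disable_command(rows):
    """Build one `/interface set` line for review, or None if nothing to do."""
    if not rows:
        return None
    ids = ",".join(str(r["id"]) for r in rows)
    return f"/interface set {ids} disabled=yes"

if __name__ == "__main__":
    found = unused_candidates(parse_interfaces(SAMPLE_PRINT))
    print([r["name"] for r in found])
    print(disable_command(found))
```

The item numbers in the generated command come from one particular `/interface print` listing, so re-run the print and compare before applying it; a port that is only temporarily unplugged belongs in `keep`.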