Securing MikroTik RouterOS With Proxy Server Blacklisting

So, you want to secure your MikroTik RouterOS login users, huh? Well, you're in luck because that's exactly what we're going to talk about today. And let me tell you, securing your router is no laughing matter. Unless you're a funny person like me, then it's definitely a laughing matter. But I digress...

Now, where was I? Oh yes, securing your router. Here are a few ways you can do that:

Change the Default Password - This may seem obvious, but you would be surprised how many people don't do it. The default login for MikroTik RouterOS is "admin" with no password. So, change it!
Limit Login Attempts - You can set up your router to limit the number of login attempts a user can make. This will prevent brute force attacks where a hacker tries to guess your password over and over again.
Use Strong Passwords - This is another no-brainer, but it's worth mentioning. Use a combination of uppercase and lowercase letters, numbers, and symbols in your password. And don't use the same password for everything!
Enable Two-Factor Authentication - Two-factor authentication adds an extra layer of security to your login process. It requires users to enter a code that is sent to their phone or email in addition to their password.
Disable Unnecessary Services - Take a look at the services running on your router and disable any that you don't need. This will reduce the attack surface of your router and make it harder for hackers to gain access.

Those are just a few basic things you can do to secure your MikroTik RouterOS login users. But there's more!

You can also use IP-based user access to further restrict who can access your router. Here's how:

Create an IP Address List - Go to IP > Firewall > Address List and create a new list. Give it a name like "Allowed IPs".
Add IP Addresses to the List - Add the IP addresses of the devices that you want to allow access to your router to the "Allowed IPs" list.
Create a Firewall Rule - Go to IP > Firewall > Filter Rules and create a new rule. Set the chain to "input" and the action to "drop". In the "src-address-list" field, select "Allowed IPs".

What this does is drop any connection attempts from IP addresses that are not on the "Allowed IPs" list. So, only devices with IP addresses on that list will be able to access your router.

Pretty neat, huh? But wait, there's more!

You can also use VLANs to separate your network into different virtual LANs. This can help prevent a compromised device from accessing other devices on your network. Here's how:

Create a VLAN Interface - Go to Interfaces and create a new VLAN interface. Give it a name and set the interface to your physical interface. Set the VLAN ID to a number between 2 and 4094.
Create a DHCP Server - Go to IP > DHCP Server and create a new server. Set the interface to your VLAN interface and configure the DHCP settings as desired.
Create Firewall Rules - Go to IP > Firewall > Filter Rules and create new rules to allow traffic between the VLAN interface and the main LAN, and to deny traffic between VLAN interfaces.

Now, any device connected to the VLAN interface will be separated from the rest of the network and will only be able to communicate with devices on that VLAN.

And there you have it, folks. Some basic ways you can secure your MikroTik RouterOS login users and further protect your network. Happy routing!