What the student will learn
By completing this tutorial, students will be able to:
- Basic+Intermediate Firewall Configuration
- Protection against unauthorized access
- Management of Vulnerable Services and Ports
- Using Interface Lists and Address Lists
- Configuring Rules to Protect Customer Traffic
- Port Knocking Implementation
- Traffic Filtering and Attack Protection
- Security in Access to Client Equipment
Requirements
- Understand basic networking concepts, such as network types (LAN, WAN), network topologies, and OSI/TCP-IP models.
- Know the differences between public and private IP addresses, and how they are used in networks.
- Have knowledge of subnets, netmasks and IP addressing.
- Understand the basic concepts of routing and switching in networks.
- Know how Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) work.
- Understand the assignment of dynamic and static IPs.
General Purpose
The main objective of this tutorial is to train students in the effective configuration of a firewall in MikroTik RouterOS, in order to improve the security of the router and the network.
Participants will learn how to configure specific rules for various security needs, from protecting the router to securely managing access to services and protecting client traffic.
Basic and Intermediate Settings
The general advanced firewall protection rules are explained in detail in the Tutorial (ML-006) Filtering threats: Firewall rules to protect the router from common attacks on the network.
This tutorial develops basic and intermediate security complexity rules that complement the ML-006 tutorial.
Objectives for Each Chapter:
Configure Input Rules for Router Protection
- Learn how to protect the router from unauthorized access and external attacks.
- Configure rules to allow secure connections and block vulnerable ports.
- Implement measures to disable unnecessary services and organize interfaces efficiently.
Configuring Input Rules to Allow Access Services to MikroTik
- Understand how to allow specific access to services such as VPNs and secure access through Port Knocking.
- Configure the firewall to allow secure access from external networks, using specific port sequences.
Configure Forward Rules to Protect Customer Traffic
- Configure rules to manage and protect traffic within the network and between different network segments.
- Learn how to filter advanced ICMP traffic and block insecure SMTP ports to prevent abuse.
Configure Access Protection to Client Computers
- Establish administrator lists to control access to client computers.
- Implement rules to block unauthorized communications between clients and manage Internet access securely.
What the Student Will Obtain upon Completing this Tutorial
By completing this tutorial, students will be able to:
- Setup a firewall in MikroTik RouterOS to protect the router and the network from unauthorized access and external attacks.
- Administrator safe access to essential services, using advanced techniques such as Port Knocking.
- Protect customer traffic within the network, ensuring secure and efficient communication.
- Implement detailed access management for customer computers, ensuring that only authorized users can access specific network resources.
- Apply a comprehensive security setup that ranges from router protection to secure network traffic management.
This knowledge in MikroTik RouterOS firewall configuration will allow students to strengthen the security of the networks they manage, optimizing protection against a wide range of cyber threats and improving network security management.