It is recommended to disable these services if you are not using them or specify the IP addresses, IP ranges or network segments access will be allowed; this can be adjusted in the menu /IP/Services. Another way is to create rules of /firewall filter to allow or deny access via SSH or Telnet.
To protect MikroTik routers from SSH (Secure Shell) and Telnet attacks, it is essential to implement a series of security measures.
These protocols are commonly used for remote device management, but can be vulnerable to attacks if not configured properly.
We give you other key recommendations to strengthen the security of your MikroTik router against these attacks:
1. Change the Default Port
- For SSH and Telnet, consider changing the default ports (22 for SSH and 23 for Telnet) to other non-standard port numbers. This can significantly reduce automated attacks.
2. Disable Telnet
- Telnet is not secure because it transmits credentials and data in clear text. It is recommended to completely disable Telnet and use SSH for remote management, since SSH encrypts the connection.
3. Use Strong Passwords
- Make sure all accounts have strong, unique passwords. Consider using a password manager to generate and store complex passwords.
4. Restrict Access by IP
- Use firewall rules to restrict SSH access to only known and trusted IP addresses. This significantly limits who can try to connect to your router.
5. Enable Two-Factor Authentication (2FA)
- If possible, enable two-factor authentication for SSH access. This adds an extra layer of security.
6. Regularly Update Software
- Make sure your MikroTik router is always updated with the latest RouterOS and firmware, as updates often include security patches.
7. Disable SSH and Telnet Access from WAN
- If you do not need to manage the router remotely, it is recommended to disable SSH and Telnet access from the WAN interface. This can be easily done through firewall rules.
8. Use SSH Keys instead of Passwords
- For SSH access, opt for key-based authentication instead of passwords. Key-based authentication is more secure as it requires the attacker to have access to the private key.
9. Monitor Access Attempts
- Configure your MikroTik router to log and alert about failed access attempts. This can help you detect attack attempts and take proactive measures.
10. Configure the Firewall Properly
- Make sure your firewall is properly configured to block unwanted packets and limit the number of failed connection attempts, for example using the Connection Rate feature.
Implementing these security measures can significantly help protect your MikroTik router from external attacks via SSH and Telnet, thus ensuring the integrity and privacy of your network.
There are no tags for this post.