Is your MikroTik vulnerable...?

  • Published: 15 Dec 2024

Comments • 45

  • @samslab8977 1 year ago +1

    Thanks

  • @Mensan1960 1 year ago +10

    Just so people don’t get too worried. I’ve had hundreds of MT routers in the wild for almost 20 years and never had an issue. So it IS possible to secure a router.

    • @Lann91 1 year ago +3

      It's the kind of "vulnerability" that is not really an issue. Like, when there is a Windows/Microsoft shaming post on a new "ultimate crazy windows vulnerability hack", that requires an administrator and physical access to the server to begin with. At that point, do you really need to be a hacker to do damage? Pure clickbait.

    • @TheNetworkBerg 1 year ago +4

      I disagree. If there are people that still use admin/blank as the default login credentials with old firmware, then this "Vulnerability" isn't a null issue. The points in the video are aimed at helping people implement some pretty basic yet recommended configurations on their routers to prevent bad actors from abusing not only this CVE but many others.

    • @TheNetworkBerg 1 year ago +3

      @user-zm7qz5fq2d pretty much, which is why there is this video and similar ones like it to tell people to stop using default creds and to help them follow some basic but useful configs to help secure their network, so that when security researchers check the scope of a vulnerability it shouldn't be a staggering number like "nearly a million vulnerable devices".

    • @Darkk6969 1 year ago

      It really should be standard practice to create another admin account with a unique, weird username and disable (don't delete) the original account. I do this on all devices and Linux servers. The reason I disable the original admin account is sometimes patches / updates may freak out if it can't find it or it may automatically re-create it. Better to disable it.

    • @zadekeys2194 10 months ago

      Never had an issue you knew about? :) Would you mind sharing some of the security config that you use, please?
      I've had a national ISP categorically tell me the Mikrotik they configured is secure, yet in the logs there was evidence that a 3rd party was logging into the router and the ISP didn't know who the 3rd party was. Yes, it's a sample of 1, but my rule of thumb is "don't assume it's secure, ever".

  • @Africaontherise00 1 year ago +2

    Great video as usual

  • @lukasbruderlin2723 9 months ago

    Just one small remark on vulnerabilities and patches. Yes, I agree the typical CVEs usually are addressed in the patches and most of the time you could forget about it with applied patch. Nevertheless, there are security patches, which are more like a small feature upgrade and to properly address a vulnerability sometimes additional tasks have to be applied. Of course, usually such things are communicated by the vendor, but as most of us don't have too much time to waste on security, this could sometimes get easily forgotten.

  • @garethgrant6390 1 year ago +2

    I’ve been waiting for you to upload a new Video!! Glad to see you’re back in action🥳

  • @Anavllama 1 year ago +4

    Most vendors have many CVEs, not unique to MT. Most hacks can only occur if your firewall is not set up properly using basic security practices.

    • @TheNetworkBerg 1 year ago +2

      Definitely, as basic administration and patch management goes a long way in keeping your network secure.
      I looked at Fortinet's CVE list and that was something I was actually surprised at, a massive list for a vendor whose business model is mostly security.

    • @Darkk6969 1 year ago

      @TheNetworkBerg Yep. I use pfsense for firewall and MikroTik switches for home lab. We use Fortinet firewalls at work and branches which I am admin of. I've also deployed a few pfsense appliances at the branches without issues. I too am very annoyed and surprised to see so many CVEs lately on the Fortigates that I am tempted to stop buying them and get the pfsense appliances instead.
      Seems lately I have to run the firmware updates several times in a short period of time on so many of our Fortigates. It's crazy. I even shut down the ssl-vpn back in Dec as Fortinet's infinite wisdom to expose the ssl-vpn web to the internet for hackers to pick at. Crazy.

  • @Red1Wollip 1 year ago

    WOW! A great video that helped me immensely. Thank You!

  • @Anavllama 1 year ago

    Good video in terms of basic good practices, change default winbox port and limit subnet access, only allow access to router on input chain from trusted users, and finally tools --> mac-server, winbox-mac server, and ensure all three different control elements are in sync!

  • @TheNetworkBerg 1 year ago +4

    Pinned comment with some reference material and additional tips:
    Protect your MikroTik from Hackers:
    ruclips.net/video/d39IvN70Eb4/видео.html
    MikroTik Firewall Rules:
    ruclips.net/video/NXvHdZbAuTI/видео.html
    MikroTik's guide to stop Brute Force attacks:
    ruclips.net/video/UXGVQmFUfL4/видео.html
    MikroTik Securing your Router Docs:
    help.mikrotik.com/docs/display/ROS/Securing+your+router
    Vulncheck Article:
    vulncheck.com/blog/mikrotik-foisted-revisited

  • @mikkio5371 1 year ago

    Nice presentation. Thanks

  • @kresimirpecar4925 1 year ago +2

    So, I can see you are testing new bth option? Are you planning to do some video about it?

  • @KhmerShare.config 1 year ago

    Noted sir, Thanks your video is good secure firewall more

  • @jblow530 1 year ago

    Great advice!

  • @zadekeys2194 10 months ago

    I often find mikrotiks in the wild running pre RoS 7, with FTP server enabled etc etc... grab nmap and do some cve scans ;)

  • @watangi 1 year ago

    Duplicate mac address "phones" for mikrotik active What is the solution, please?

  • @ВиталийБойко-з5й

    I usually tend to bind my own routers to be only winbox/ssh accessible from within zerotier network, with the restricted NAT as failover

  • @Mi_Fa_Volare 1 year ago

    Hi. I rerouted access to a subnet to another router (due to PoE and DAC). Local subnet has one node to hop (gateway), remote subnet has 2 nodes to hop (gateway). When the firewall rule [chain forward drop invalid] is on local router, responses come only selectively. The router seems to favor only my laptop to access the other subnet (validating its connection states?). Neither wired nor cellphone can access the other subnet. When I turn off that firewall rule, all clients can access the other subnet like intended. Question is how important is the rule? How much of a security concern is not dropping [forward] [invalid]? How can I compensate for disabling this rule?

  • @davidpereira5149 1 year ago

    Hey Berg
    I just bought an hAP ax Lite and I can't put my wireless working, so can you explain how to configure the wifi Wave 2, step by step?
    Nice work btw

  • @samslab8977 1 year ago

    Thank you

  • @lukasbruderlin2723 9 months ago

    One question, that you probably get quite frequently, but I haven't seen answered so far: Can you use names for IP addresses, ranges and also for ports, instead of always remembering the specific numbers? Thanks.

  • @kadeem070 1 year ago

    Appreciate your videos man. How do you suggest I go about getting out of my NOC role and moving up? I have my CCNA, but no promotion opportunities at work. I just want to get my hands on some configurations, I feel myself losing my skills. Is a net engineer too much of a jump? Would a CCNP help? Sorry for the question overload lol

    • @TheNetworkBerg 1 year ago +1

      I think these are good questions. I think the first thing that you can do is have an honest conversation with your current employer and make them aware that you no longer feel challenged in your current role and that you are looking at moving into something else, such as configurations. This will let them know that you will either need a different role that will challenge and grow you, which they can help with, or that you will potentially move on to new opportunities with another company.
      I think many people are afraid to be direct with their employers because it feels like you are potentially impacting your job security, but in reality employers value this honesty and it is many times the reason why someone "moves up".
      As for getting a CCNP, it can definitely help getting an interview with some companies, but from personal experience I think most companies are looking for people with experience already and having the cert itself won't be the biggest reason why you get into an engineering role. You could also check different departments. The ISP I first worked for had various divisions, and there was an installations team that would primarily drive to a site and install equipment, but they were a part of the config process with core engineers, giving them valuable insight and experience until they could move into those roles themselves as they got that hands-on experience.

  • @sopota6469 1 year ago +4

    If you already have a malicious user with admin access this CVE is the least of your problems right now. The thumbnail is a bit sensationalist.
    I was expecting something like an RCE.

    • @TheNetworkBerg 1 year ago +3

      I do talk a bit regarding the subject, suggest watching the video. If you want to see an RCE you are welcome to check out Vulncheck's channel. They have a video of it there showcasing how the exploit works, my video is aimed more at stopping exploits like this from occurring by just some basic but best practice rules when bringing a router online.
      The big problem is that there are just many routers in the wild that still use the default admin/blank credentials running old firmware making them extremely easy to exploit even without things like Brute Force tools. And yes, the thumbnail is supposed to be sensationalist, I want to get people's attention if it can make at least a few people aware of the risks and get them to just implement a few configuration changes and apply patch management to their system then I am very happy if a thumbnail like this got their attention.

    • @aliancemd 1 year ago +1

      The problem is that A Lot of Mikrotik devices are running with “admin” without any password in the wild, because of this weird design choice they made early on.
      People are buying these because they are cheap, connecting to the internet and using them like that

  • @markarca6360 1 year ago

    Pro tips:
    Disable services you don't use or need.
    Change default ports (for example, SSH, or HTTPS)

    • @WanderTrekker 1 year ago +1

      Changing ports does nothing for a targeted attack.

    • @samtihnenko290 1 year ago

      @WanderTrekker PSD and FTB does something though

  • @mikkio5371 1 year ago

    It's been a while. Hope you are fine

    • @TheNetworkBerg 1 year ago

      I am very much fine ^^, busy moving to a new country and it is taking all my focus so YouTube has taken a slowdown for a bit. Thank you for your concern :)

    • @mikkio5371 1 year ago

      @TheNetworkBerg happy to hear from you, you are fine.

  • @urvhalt 1 year ago

    Manufactured a few miles from Russia..

    • @TheNetworkBerg 1 year ago +1

      The US is also a few miles away from Russia :P

  • @mmrk_ 1 year ago

    +1