Is your MikroTik vulnerable...? 

The Network Berg
Published: 3 Oct 2024
Comments: 45
@Mensan1960 1 year ago
Just so people don’t get too worried. I’ve had hundreds of MT routers in the wild for almost 20 years and never had an issue. So it IS possible to secure a router.
@Lann91 1 year ago
It's the kind of "vulnerability" that is not really an issue. Like, when there is a Windows/Microsoft shaming post on a new "ultimate crazy windows vulnerability hack", that requires an administrator and physical access to the server to begin with. At that point, do you really need to be a hacker to do damage? Pure clickbait.
@TheNetworkBerg 1 year ago
I disagree, if there are people that still use admin/blank as the default login credentials with old firmware then this "Vulnerability" isn't a null issue. The points in the video are aimed at helping people implement some pretty basic yet recommended configurations on their routers to prevent bad actors from abusing not only this CVE but many others.
@TheNetworkBerg 1 year ago
@user-zm7qz5fq2d pretty much, which is why there is this video and similar ones like it to tell people to stop using default creds and to help them follow some basic but useful configs to help secure their network so that when security researchers check the scope of a vulnerability that it shouldn't be a staggering number like "nearly a million vulnerable devices"
@Darkk6969 1 year ago
It really should be standard practice to create another admin account with a unique, weird username and disable (don't delete) the original account. I do this on all devices and Linux servers. The reason I disable the original admin account is sometimes patches / updates may freak out if it can't find it or it may automatically re-create it. Better to disable it.
@zadekeys2194 8 months ago
Never had an issue you knew about? :) Would you mind sharing some of the security config that you use, please? I've had a national ISP categorically tell me the Mikrotik they configured is secure, yet in the logs there was evidence that a 3rd party was logging into the router and the ISP didn't know who the 3rd party was. Yes, it's a sample of 1, but my rule of thumb is "don't assume it's secure, ever".
@lukasbruderlin2723 6 months ago
Just one small remark on vulnerabilities and patches. Yes, I agree the typical CVEs usually are addressed in the patches and most of the time you could forget about it with applied patch. Nevertheless, there are security patches, which are more like a small feature upgrade and to properly address a vulnerability sometimes additional tasks have to be applied. Of course, usually such things are communicated by the vendor, but as most of us don't have too much time to waste on security, this could sometimes get easily forgotten.
@Dara.config 1 year ago
Noted sir, Thanks your video is good secure firewall more
@Anavllama 1 year ago
Good video in terms of basic good practices, change default winbox port and limit subnet access, only allow access to router on input chain from trusted users, and finally tools --> mac-server, winbox-mac server, and ensure all three different control elements are in sync!
@Africaontherise00 1 year ago
Great video as usual
@garethgrant6390 1 year ago
I’ve been waiting for you to upload a new Video!! Glad to see you’re back in action🥳
@lukasbruderlin2723 6 months ago
One question, that you probably get quite frequently, but I haven't seen answered so far: Can you use names for IP addresses, ranges and also for ports, instead of always remembering the specific numbers? Thanks.
@Red1Wollip 1 year ago
WOW! A great video that helped me immensely. Thank You!
@Anavllama 1 year ago
Most vendors have many CVEs, not unique to MT. Most hacks can only occur if your firewall is not set up properly using basic security practices.
@TheNetworkBerg 1 year ago
Definitely, as basic administration and patch management goes a long way in keeping your network secure. I looked at FortiNet's CVE list and that was something I was actually surprised at, a massive list for a vendor whose business model is mostly security.
@Darkk6969 1 year ago
@TheNetworkBerg Yep. I use pfsense for firewall and MikroTik switches for home lab. We use Fortinet firewalls at work and branches which I am admin of. I've also deployed a few pfsense appliances at the branches without issues. I too am very annoyed and surprised to see so many CVEs lately on the Fortigates that I am tempted to stop buying them and get the pfsense appliances instead. Seems lately I have to run the firmware updates several times in a short period of time on so many of our Fortigates. It's crazy. I even shut down the ssl-vpn back in Dec as Fortinet's infinite wisdom to expose the ssl-vpn web to the internet for hackers to pick at. Crazy.
@sopota6469 1 year ago
If you already have a malicious user with admin access this CVE is the least of your problems right now. The thumbnail is a bit sensationalist. I was expecting something like an RCE.
@TheNetworkBerg 1 year ago
I do talk a bit regarding the subject, suggest watching the video. If you want to see an RCE you are welcome to check out Vulncheck's channel. They have a video of it there showcasing how the exploit works, my video is aimed more at stopping exploits like this from occurring by just some basic but best practice rules when bringing a router online. The big problem is that there are just many routers in the wild that still use the default admin/blank credentials running old firmware making them extremely easy to exploit even without things like Brute Force tools. And yes, the thumbnail is supposed to be sensationalist, I want to get people's attention if it can make at least a few people aware of the risks and get them to just implement a few configuration changes and apply patch management to their system then I am very happy if a thumbnail like this got their attention.
@aliancemd 1 year ago
The problem is that a lot of Mikrotik devices are running with “admin” without any password in the wild, because of this weird design choice they made early on. People are buying these because they are cheap, connecting to the internet and using them like that.
@samslab8977 1 year ago
Thanks
@mikkio5371 1 year ago
Nice presentation. Thanks
@TheNetworkBerg 1 year ago
Pinned comment with some reference material and additional tips:
Protect your MikroTik from Hackers: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-d39IvN70Eb4.html
MikroTik Firewall Rules: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-NXvHdZbAuTI.html
MikroTik's guide to stop Brute Force attacks: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-UXGVQmFUfL4.html
MikroTik Securing your Router Docs: help.mikrotik.com/docs/display/ROS/Securing+your+router
Vulncheck Article: vulncheck.com/blog/mikrotik-foisted-revisited
@davidpereira5149 1 year ago
Hey Berg, I just bought an hAP ax Lite and I can't put my wireless working, so can you explain how to configure the wifi Wave 2, step by step? Nice work btw
@zadekeys2194 8 months ago
I often find mikrotiks in the wild running pre RoS 7, with FTP server enabled etc etc... grab nmap and do some CVE scans ;)
@jblow530 1 year ago
Great advice!
@kresimirpecar4925 1 year ago
So, I can see you are testing the new bth option? Are you planning to do some video about it?
@TheNetworkBerg 1 year ago
Maybe :D, (Definitely)
@samslab8977 1 year ago
Thank you
@ВиталийБойко-з5й 11 months ago
I usually tend to bind my own routers to be only winbox/ssh accessible from within zerotier network, with the restricted NAT as failover
@TheNetworkBerg 11 months ago
Yeah that sounds like a pretty solid way to manage your devices.
@ВиталийБойко-з5й 11 months ago
@TheNetworkBerg those newer hAPs rock a lot when you know what to do with them
@watangi 1 year ago
Duplicate MAC address "phones" for mikrotik active. What is the solution, please?
@Mi_Fa_Volare 1 year ago
Hi. I rerouted access to a subnet to another router (due to PoE and DAC). Local subnet has one node to hop (gateway), remote subnet has 2 nodes to hop (gateway). When the firewall rule [chain forward drop invalid] is on local router, responses come only selectively. The router seems to favor only my laptop to access the other subnet (validating its connection states?). Neither wired nor cellphone can access the other subnet. When I turn off that firewall rule, all clients can access the other subnet like intended. Question is how important is the rule? How much of a security concern is not dropping [forward] [invalid]? How can I compensate for disabling this rule?
@kadeem070 1 year ago
Appreciate your videos man. How do you suggest I go about getting out of my NOC role and moving up? I have my CCNA, but no promotion opportunities at work. I just want to get my hands on some configurations, I feel myself losing my skills. Is a net engineer too much of a jump? Would a CCNP help? Sorry for the question overload lol
@TheNetworkBerg 1 year ago
I think these are good questions. I think the first thing that you can do is have an honest conversation with your current employer, making them aware that you no longer feel challenged in your current role and that you are looking at moving into something else, such as configurations. This will let them know that you will either need a different role that will challenge and grow you, which they can help with, or that you will potentially move on to new opportunities with another company. I think many people are afraid to be direct with their employers because it feels like you are potentially impacting your job security, but in reality employers value this honesty and it is many times the reason why someone "moves up". As for getting a CCNP, it can definitely help getting an interview with some companies, but from personal experience I think most companies are looking for people with experience already and having the cert itself won't be the biggest reason why you get into an engineering role. You could also check different departments. The ISP I first worked for had various divisions and there was an installations team that would primarily drive to a site and install equipment, but they were a part of the config process with core engineers, giving them valuable insight and experience until they could move into those roles themselves as they got that hands-on experience.
@markarca6360 1 year ago
Pro tips: Disable services you don't use or need. Change default ports (for example, SSH, or HTTPS)
@WanderTrekker 1 year ago
Changing ports does nothing for a targeted attack.
@samtihnenko290 1 year ago
@WanderTrekker PSD and FTB does something though
@mikkio5371 1 year ago
It's been a while. Hope you are fine
@TheNetworkBerg 1 year ago
I am very much fine ^^, busy moving to a new country and it is taking all my focus so RU-vid has taken a slowdown for a bit. Thank you for your concern :)
@mikkio5371 1 year ago
@TheNetworkBerg happy to hear from you, you are fine.
@mmrk_ 1 year ago
+1
@urvhalt 1 year ago
Manufactured a few miles from Russia..
@TheNetworkBerg 1 year ago
The US is also a few miles away from Russia :P