MikroTik Security Engineer with LABS

Name: MikroTik Security Engineer with LABS
Rating: 4.5 (650 reviews)

Become a MikroTik Security Professional and be ready for the MikroTik MTCSE exam

Created byMA ICT B.V

Last updated 3/2023

English

What you'll learn

Configuring Port Knocking on MikroTik router
Disable unnecessary protocol on the MikroTik Router
Configure user management to allow particular users to login into the MikroTik Router
Protect the MikroTik Router from Brute force attacks
Protect the MikroTik router from DHCP starvation attacks
Protect the MikroTik router from rogue DHCP servers using DHCP Snooping
Protect the MikroTik router from ICMP flood attack
Protoct the MikroTik router from all type of DOS attacks
Understand how packet flow works in MikroTik routers
Understand and configure PPTP tunnelling
Understand and configure L2TP/IPSEC tunnelling
Understand and configure IPSEC VPN tunnelling
Understand how to configure Firewall rule using RAW table
Configure Firewall protection against TCP SYN attacks
Configure Firewall Protection against UDP attacks and prevention
Understand and configure Certificates in MikroTik routers to secure connections to the router
Configure Bridge filtering
Configure the MikroTik Router to prevent all type of ports scan
Understand the different type of Chains in the MikroTik Firewall
Prevent MNDP attacks using the MikroTik Firewall
Understand and configure SSTP tunnelling protocol with certificates
Understand IPSEC IKEv1 & IKEv2
Configure IPSEC site to site

Course content

9 sections • 67 lectures • 12h 33m total length

Security course content difference between RouterOS v6 and v72:08
What are the unnecessary protocols?1:17
Turn off unnecessary packages, scan for open protocols and disable them14:31
In this lecture, you will learn how to:
disable the unnecessary packages in the router
download and install nmap software
scan the router to check the open ports using nmap
disable on the router the follow protocols: telnet, ftp, www, api, api-ssl
Protect the access on the Mikrotik Router using SSH and Winbox13:05
In this lecture, you will learn how to:
change the port of ssh to 9442
provide a stronger encryption key to ssh
allow only your pc to connect winbox to the router

Introduction - Protecing MikroTik Login with Port Knocking2:00
Configuring MikroTik Port Knocking - Part115:39
In this lecture, you learn how to:
create address-lists
create a filter rule to add IP addresses to the address-list for a specific time
do the 1st phase of configuration for the port knocking
Configuring MikroTik Port Knocking - Part214:31
In this lecture, you will learn how to:
add the right IP address to the valid address-list
provide it a time of 30 min to be able to login to the router
Test if the port knocking is working

Introduction - User Management in MikroTik1:30
User Management on Mikrotik17:25
In this lecture, you will learn how:
to change the default username and password of the router
create new users on the router
understand the different type of groups
assign for each new user a group
create a custom group
Allowing user login on a time interval9:34
In this lecture, you will learn how:
allow a user to be able to login to the router from particular IP address
allow a user to login to the router on working hours only
remove the firewall rule

Disable MAC Winbox, MAC Ping & neighbor discovery16:46
In this lecture, you will learn how to:
log to the Mikrotik router via its MAC address
disable the possibility to log to the router via the MAC address
check if it possible to ping the router MAC address and disable it
disallow DNS requests on the Mikrotik Router
Disable Bandwith Test and Romon tools7:07
In this lecture, you will learn how to:
disable the BW test and understand what is its impact if we keep it open
do bandwidth test from one router to another
disable the Rommon on the router

Introduction to the MikroTik Firewall1:34
Overview of the Firewall on the MikroTik RouterOS17:14
What is the function of the Connection Tracking on the MikroTik Router12:44
What are the connection states availble on the MikroTik RouterOS8:54
Protect your MikroTik router using connection state in the Firewall20:25
Brute Force attack and Prevention27:50
Use the Firewall to Protect your MikroTik router from Ping/ICMP flood14:59
Accept important ICMP types in your MikroTik Firewall21:55
Preventing ICMP Smurf Attack12:09
Block Bogon IP addresses on MikroTik Firewall7:54
Drop port scan attacks using the MikroTik firewall15:45
Block Syn Flood and DDOS using the MikroTik Firewall19:21
Use MikroTik RAW firewall to protect your network9:20
Preventing UDP Flood Attack21:28
MNDP Attacks Prevention16:24
In this lecture, I will explain what are the different type of Network Discovery Protocols available in MikroTik and how can an attacker use them to make an attack on your MikroTik router. I will then make a LAB using Kali Linux and Yersinia software to issue an MNDP attack on the MikroTik router then I will show how to prevent it.
Redirect DNS traffic to the router’s DNS11:57
Changing the destination address using Dst-nat7:31
Use Mangle to mark connections and packets17:09
Use Mangle Hide your router IP address when doing traceroute7:25

Introduction to VPN0:57
What is VPN and why is it important to use it in our network?15:52
L2TP/IPSEC Tunneling protocol - Explanation7:10
Configuring L2TP site to site VPN (w/o IPSEC)23:03
Configuring L2TP/IPSEC client to site VPN10:38
SSTP Tunneling Protocol - Explanation8:08
Configuring SSTP site to site VPN (without certificates)14:10
Configuring SSTP site to site VPN (with Certificates)20:31
Configuring SSTP client to site VPN16:11

What is IPSEC? - Intro1:37
What is IPSEC? - Explanation9:10
IPSEC Protocol suite explained5:15
IPSEC modes of communication - Transport vs Tunnel mode8:16
Types of Encryption - Symmetric vs Asymmetric5:57
Security over the internet using IPSEC14:47
Encyption Protocols (DES - 3DES- AES - Blowfish - Camellia - RSA - DH)15:30
Data Integrity - Hashing Algorithms (MD5 - SHA1 - SHA256 - SHA512)8:52
IPSEC Authentication (Pre-shared key vs Certificates)8:47
IPSEC Negotiation Protocols (AH vs ESP)8:10
IPSEC Negotiation Process - Introduction1:00
IPSEC Negotiation Process and choices of IPSEC interesting traffic9:04
IPSEC IKE Phase 1 (ISAKMP Tunnel)8:40
IPSEC IKE Phase 1 (Main vs Aggressive mode)5:42
IPSEC IKE Phase 2 (IPSEC Tunnel)7:03
IPSEC Data Transfer2:59
Difference between IKEv1 and IKEv25:45
Introduction to the IPSEC LAB1:27
Pre-configuration of the IPSEC Tunnel16:28
Configuring site-to-site IPSEC tunnel using IKEv1 & IKEv2 - Part121:00
Configuring site-to-site IPSEC tunnel using IKEv1 & IKEv2 - Part27:03
MikroTik official trainings with Maher Haddad3:27

Requirements

Have at least MikroTik MTCNA level
Understand basic networking topics such as TCP/IP, OSI Layer, etc
Have a good knowledge in MikroTik

Description

***This course is not officially sponsored by MikroTik and not an authorized course by MikroTik. We are neither affiliated with nor endorsed by MikroTik. We respect the Trademarks of the mentioned company and institution.***

As a network engineer, you have always a concern to protect your network from outside cyber attacks. This is most of the the time a challenge when it comes to deploy a security plan to your network.

MikroTik has an extensive firewall feature that can protect your network from all different types of Cyber attacks. The goal of this course is to show you all different steps using real LAB scenarios of how to protect your MikroTik router(s) from any type of cyber attacks and do not let hackers to compromise your network.

This course is based on the MikroTik MTCSE syllabus. So by taking this course, you will cover all the topics of the MikroTik MTCSE track and you will be ready for the exam.

In this course, I will issue cyber attacks to my MikroTik router to see what are the weaknesses available on the router and then show you how you can protect it. All the course will be based on Hands-on LABS that you can re-do them yourself after following this course.

In this course, I will discuss about all security concerns in MikroTik and how to protect your router(s). Some example of the topics that will be explained are:

• Attacks, mechanisms and services
• The most common threats
• RouterOS security deployment
• Packet flow, firewall chains
• Stateful firewall
• RAW table
• SYN flood mitigation
• RouterOS default configuration
• Best practices for management access
• Detecting an attack to critical infrastructure services
• Bridge filter
• Advanced options in firewall filter
• ICMP filtering
• MNDP attacks and prevention
• DHCP: rogue servers, starvation attacks and prevention
• TCP SYN attacks and prevention
• UDP attacks and prevention
• ICMP Smurf attacks and prevention
• FTP, telnet and SSH brute-force attacks and prevention
• Port scan detection and prevention
• Introduction to cryptography and terminology
• Encryption methods • Algorithms - symmetric, asymmetric
• Public key infrastructure (PKI)
• Port knocking
• Secure connections (HTTPS, SSH, WinBox)
• Default ports for the services

In addition of all those security topics, there is one module which explain about the VPN tunneling and will contain the following topics:

• Introduction to IPsec
• L2TP + IPsec
• SSTP with certificates

This course is ideal for Network engineers, technicians and students wanting to deploy and secure MikroTik device based networks. The content of this course is very rich and it has a lot of hands-on LABs so you are more familiar about the types of attacks and how to protect your MikroTik routers from them.

So, are you looking to become a MikroTik Security Professional and be ready for the MTCSE exam? If yes, please do not wait to enroll to my course.

Who this course is for:

Students and engineers interested to understand how to deploy security in MikroTik
Students and engineers who wants to be prepared for the MikroTik MTCSE exam

MikroTik Security Engineer with LABS

What you'll learn

Explore related topics

Course content

Disable unnecessary protocols on the MikroTik Router4 lectures • 31min

Protecing MikroTik Logins with Port Knocking3 lectures • 32min

Get the right people to login into your MikroTik Router3 lectures • 28min

LockDown the Mikrotik Router - Disable unnecessary tools2 lectures • 24min

DHCP attacks and Prevention2 lectures • 45min

How the packets flow in MikroTik3 lectures • 29min

Firewall on MikroTik - The full story (Filter Rules, Mangle, NAT, RAW)19 lectures • 4hr 32min

Encrypted Tunnels on RouterOS9 lectures • 1hr 57min

Internet Protocol Security (IPSEC) Framework22 lectures • 2hr 56min

Requirements

Description

Who this course is for: