***This course is not officially sponsored by MikroTik and not an authorized course by MikroTik. We are neither affiliated with nor endorsed by MikroTik. We respect the Trademarks of the mentioned company and institution.***
Description
If you're a network engineer, safeguarding your network from cyber attacks is always a priority, and implementing an effective security plan can be challenging.
This course focuses on MikroTik's comprehensive firewall features, designed to protect your network from various types of cyber threats. Our aim is to guide you through each step with real LAB scenarios, ensuring your MikroTik routers are well-protected against any form of cyber attacks.
Aligned with the MikroTik MTCSE syllabus, this course not only covers all relevant topics but also prepares you for the certification exam.
Throughout the course, I'll simulate cyber attacks on a MikroTik router to identify vulnerabilities and demonstrate effective protection strategies. You'll get hands-on experience through extensive LAB exercises, which you can replicate independently.
Key topics we'll cover include various security aspects in MikroTik and methods to fortify your routers. Some of the topics we'll explore are:
- Attacks, mechanisms and services
- The most common threats
- RouterOS security deployment
- Packet flow, firewall chains
- Stateful firewall
- RAW table
- SYN flood mitigation
- RouterOS default configuration
- Best practices for management access
- Detecting an attack to critical infrastructure services
- Bridge filter
- Advanced options in firewall filter
- ICMP filtering
- MNDP attacks and prevention
- DHCP: rogue servers, starvation attacks and prevention
TCP SYN attacks and prevention - UDP attacks and prevention
- ICMP Smurf attacks and prevention
- FTP, telnet and SSH brute-force attacks and prevention
- Port scan detection and prevention
- Introduction to cryptography and terminology
- Encryption methods • Algorithms - symmetric, asymmetric
- Public key infrastructure (PKI)
- Port knocking
- Secure connections (HTTPS, SSH, WinBox)
- Default ports for the services
Alongside all the security topics covered, there is a specific module dedicated to explaining VPN tunneling. This module will include the following topics:
- Introduction to IPsec
- L2TP + IPsec
- SSTP with certificates
This course is specifically designed for network engineers, technicians, and students who aim to effectively deploy and secure networks utilizing MikroTik devices. It offers an in-depth and practical learning experience with numerous hands-on LABS, ensuring a comprehensive understanding of various types of cyber attacks and effective strategies to safeguard your MikroTik routers.
If your goal is to become a proficient MikroTik Security Professional and to successfully pass the MTCSE exam, then this course is a crucial step on your path. Don't hesitate to take this course and start your journey towards expert-level knowledge in MikroTik network security
Who this course is for
- Students and engineers interested to understand how to deploy security in MikroTik
- Students and engineers who wants to be prepared for the MikroTik MTCSE exam
What you'll learn
- Configuring Port Knocking on MikroTik router
- Disable unnecessary protocol on the MikroTik Router
- Configure user management to allow particular users to login into the MikroTik Router
- Protect the MikroTik Router from Brute force attacks
- Protect the MikroTik router from DHCP starvation attacks
- Protect the MikroTik router from rogue DHCP servers using DHCP Snooping
- Protect the MikroTik router from ICMP flood attack
- Protoct the MikroTik router from all type of DOS attacks
- Understand how packet flow works in MikroTik routers
- Understand and configure PPTP tunnelling
- Understand and configure L2TP/IPSEC tunnelling
- Understand and configure IPSEC VPN tunnelling
- Understand how to configure Firewall rule using RAW table
- Configure Firewall protection against TCP SYN attacks
- Configure Firewall Protection against UDP attacks and prevention
- Understand and configure Certificates in MikroTik routers to secure connections to the router
- Configure Bridge filtering
- Configure the MikroTik Router to prevent all type of ports scan
- Understand the different type of Chains in the MikroTik Firewall
- Prevent MNDP attacks using the MikroTik Firewall
- Understand and configure SSTP tunnelling protocol with certificates
- Understand IPSEC IKEv1 & IKEv2
- Configure IPSEC site to site
Requirements
- Have at least MikroTik MTCNA level
- Understand basic networking topics such as TCP/IP, OSI Layer, etc
- Have a good knowledge in MikroTik
Your Instructor
Hello, everyone!
I'm Maher Haddad, a MikroTik Certified Trainer, Cisco Authorized Instructor, and LigoWave Authorized Trainer.
In my courses, I emphasize a blend of theory and hands-on labs, giving you the opportunity to apply what you learn.
As of 2022, more than 100,000 students have benefitted from my training.
I hope you'll enjoy watching and learning from my courses.
Course Curriculum
- 18- Introduction to the MikroTik Firewall (1:34)
- 19- Overview of the Firewall on the MikroTik RouterOS (17:14)
- 20- Disabling Connection Tracking on the MikroTik Router (12:44)
- 21- What are the connection states availble on the MikroTik RouterOS (8:54)
- 22- Protect your MikroTik router using connection state in the Firewall (20:25)
- 23- Brute Force attack and Prevention (27:50)
- 24- Use the Firewall to Protect your MikroTik router from Ping flood (14:59)
- 25- Accept important ICMP Message types in your MikroTik Firewall (21:55)
- 26- Preventing ICMP Smurf attack (12:09)
- 27- Block Bogon IP addresses on MikroTik Firewall (7:54)
- 28- Drop port scan attacks using the MikroTik firewall (15:46)
- 29- Block Syn Flood and DDOS using the MikroTik Firewall (19:21)
- 30- Use MikroTik RAW firewall to protect your Network (9:20)
- 31- Preventing UDP Flood Attack (21:28)
- 32- MNDP Attack Prevention (16:24)
- 33- Redirect DNS traffic to the router’s DNS (11:57)
- 34- Changing the destination address using Dst-nat (7:31)
- 35- Use Mangle to mark connections and packets (17:09)
- 36- Use Mangle Hide your router IP address when doing traceroute (7:25)
- 37- Introduction to VPN (0:57)
- 38- What is VPN and why is it important to use it in our network (15:52)
- 39- L2TP IPSEC Tunneling protocol - Explanation (7:10)
- 40- Configuring L2TP site to site VPN (23:03)
- 41- Configuring L2TP IPSEC client to site VPN (10:38)
- 42- SSTP Tunneling Protocol - Explanation (8:08)
- 43- Configuring SSTP site to site VPN (without certificates) (14:10)
- 44- Configuring SSTP site to site VPN (with Certificates) (20:31)
- 45- Configuring SSTP client to site VPN (16:11)
- 3- What is IPSEC - Intro (1:37)
- 4- What is IPSEC - Explanation (9:10)
- 5- IPSEC Protocol suite explained (5:15)
- 6- IPSEC modes of communication - Transport vs Tunnel mode (8:16)
- 7- Types of Encryption - Symmetric vs Asymmetric (5:57)
- 8- Security over the internet using IPSEC (14:47)
- 9- Encyption Protocols (DES-3DES-AES-Blowfish-Camellia-RSA-DH) (15:30)
- 10- Data Integrity - Hashing Algorithms (MD5 - SHA1 - SHA256 - SHA512) (8:52)
- 11- IPSEC Authentication (Pre-shared key vs Certificates) (8:47)
- 12- IPSEC Negotiation Protocols (AH vs ESP) (8:10)
- 13- IPSEC Negotiation Process - Introduction (1:00)
- 14- IPSEC Negotiation Process and choices of IPSEC interesting traffic (9:04)
- 15- IPSEC IKE Phase 1 (ISAKMP Tunnel) (8:40)
- 16- IPSEC IKE Phase 1 (Main vs Aggressive mode) (5:43)
- 17- IPSEC IKE Phase 2 (IPSEC Tunnel) (7:03)
- 18- IPSEC Data Transfer (2:59)
- 19- Difference between IKEv1 and IKEv2 (5:45)
- 20- Introduction to the IPSEC LAB (1:27)
- 21- Pre-configuration of the IPSEC Tunnel (16:28)
- 22- Configuring site-to-site IPSEC tunnel using IKEv1 and IKEv2 - Part1 (21:00)
- 23- Configuring site-to-site IPSEC tunnel using IKEv1 and IKEv2 - Part2 (7:03)
- 24- Introduction to IPSEC IKEv2 Remote Access (1:30)
- 25- Creating Certificates for remote access IPSEC (14:38)
- 26- Configuring IPSEC IKEv2 remote access (14:33)
- MikroTik official trainings with Maher Haddad (3:27)