Home » > isp Consulting Blog » Mikrotik Security Reminder (backups)

Mikrotik Security Reminder (backups)

Mikrotik, one of the most inexpensive and yet widely used router platforms in the ISP world, on versions RouterOS 6.44 and prior, used the routers username/password to encrypt the backups by default.

RouterOS 6.45 and beyond does NOT encrypt backups unless you specifically choose to do so.

Now – Why is this important?

While investigating a network that was compromised, we began logging and grabbing packets and an older password was being used to gain access to routers.

That being said – you can easily encrypt your backups by manually doing them and choosing encryption, from terminal making sure you specifically ask for encryption
Example: # system backup save dont-encrypt=no encryption=aes-sha256 password=”chooseAStrongPasswordHere”

Connectivity.Engineer suggests a great system like Unimus. We were originally introduced to Unimus by Justin Wilson and then had the Privilege of having a booth next to Unimus at the MUM in Austin TX. While there we learned quite a bit about the product – and have installed it, had to ask a few times for support from Tomas and after trying other products (many even free) Unimus for automation takes the cake hands down.

In any event – make sure to download ALL backups and destroy any that are NOT encrypted once you have a new backup. (or make sure the non-encrypted are safe under lock and key)

Leave a Reply