Scribd
Upload
176 views

Akbar PDF

This document provides a summary of Mikrotik RouterOS Security Audit Checklist presented by Akbar Azwir at a Mikrotik User Meeting in Indonesia in 2014. The checklist contains questions to audit RouterOS configurations based on ISO 27001 controls and is intended to help organizations assess the security of their RouterOS implementations. It covers areas like router policy, administrator authentication, access management, configuration management, business continuity, log management and incident handling. The full checklist can be downloaded from the listed website under a Creative Commons license.

Uploaded by

Komasudin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
176 views

Akbar PDF

This document provides a summary of Mikrotik RouterOS Security Audit Checklist presented by Akbar Azwir at a Mikrotik User Meeting in Indonesia in 2014. The checklist contains questions to audit RouterOS configurations based on ISO 27001 controls and is intended to help organizations assess the security of their RouterOS implementations. It covers areas like router policy, administrator authentication, access management, configuration management, business continuity, log management and incident handling. The full checklist can be downloaded from the listed website under a Creative Commons license.

Uploaded by

Komasudin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 15

Mikrotik RouterOS

Security Audit Checklist


Akbar Azwir / Mikrotik User Meeting Indonesia 2014
About me http://id.linkedin.com/in/akbarazwir/

Akbar Azwir
• Graduated from Binus University
• Certified Trainer since 2008

• Founded Forum Mikrotik Indonesia in 2007


• Working in PT Bayan Resouces Tbk since 2008

• Trainer at BelajarMikrotik.Com

02
About me
Belajar Mikrotik
• Started in 2013 by Herry Darmawan and Akbar
Azwir

• We deliver all Certified Mikrotik class, Academy


class, and Integration class

• Working with more than 10 partners we have


delivered almost 30 trainings throughout 2014

• Please visit our website at


www.belajarmikrotik.com or
www.belajarmikrotik.co.id for more information

• Please ask us for training discount coupon


during MUM Indonesia 2014 only

02
Information Security

Information
Assets that has a value which therefor needs
protection

Information Security
Preservation of Confidentiality, Integrity, and
Availability of an information

02
Information Security

Graphic: http://www.cyberintelligence.my/our-approach/
03
Information Security

There’s no such thing as Information Security is a


100% secure continuous effort

Graphic : http://www.iphonefaq.org/archives/ios-501,
http://idealway.tumblr.com/post/1434031686/3-reasons-why-continuous-improvement-efforts-fail 04
ISO 27001

ISO/IEC 27001:2013
Information technology – Security techniques –
Information security management systems -
Requirements
Standards that provides methodology for the implementation of
Information Security Management System in an organization.

Can be implemented in any kind of organization, profit or non-profit,


private or state-owned, small or large.

05
ISO 27001
Benefit ISO 27001 PDCA Cycle

• Achieve marketing
advantage
• Lower cost
• Better organization
• Comply with legal
requirements or regulations

Graphic : http://www.netgrowthltd.co.uk/ISO27001.aspx
06
ISO 27001 Structures
Sections 0 to 3 are
introductory and are not
Section 0 Section 1
Section 2 Section 3 mandatory for implementation
Normative Terms and
Introduction Scope
references definitions
Sections 4 to 10 contains
requirements that must be
Section 7 Section 6 Section 5
Section 4 implemented in an
Context of the
Support Planning Leadership
organization organization if it wants to
comply

Section 9
Annex A contains 114 controls
Section 8 Section 10
Operation
Performance
Improvement
Annex A that must be implemented if
evaluation
applicable

07
Checklist

Mikrotik RouterOS Security


Audit Checklist contains
questions based on Annex A
controls that are applicable to
Mikrotik RouterOS

Derivative work from the same


document for Cisco Router from
www.iso27001security.com

This is not a security advice


document

Ver 0.91 – On going works

08
Checklist Download

Mikrotik RouterOS Security Audit Checklist is licensed under Creative


Commons

Can be downloaded from :

http://www.belajarmikrotik.com/?p=21598

08
Checklist Categories

Router Policy
Contains question regarding the existence of Router Security Policy

Administrator Authentication
Questions about the procedure and technical control on how
administrator access to the router

Router Access Management


Questions about services to access routers and snmp usage

09
Checklist Categories

Configuration Management
Contains question regarding the management of router configuration

Business Continuity
Questions about the procedure for disaster recovery and business
continuity

Log Management and Incident Handling


Questions about how the logs are being managed and the procedure
for handling any incident

10
Thank you

For more info please contact us

[email protected]
www.belajarmikrotik.com
Credits

Thank you for the support for this presentation

Dirga Yosafat Hyasintus


Sigit Pratomo
Gajendran Kandasamy, PhD

Herry Darmawan
Adhie Lesmana

12

You might also like