
the one linked is especially bad, it allows anybody to read the admin password. the problem is also that a lot of them are running old versions because the update process is not as straightforward as ubiquiti for example. i also run mikrotik at home and have deployed mikrotik and ubiquiti at our different offices. for the price you can hardly beat mikrotik and once you "get into it" it's fairly simple.

Yes, that’s bad but note that even unpatched it is only an issue if the GUI management port has been left open - which seems to be the case with all the security issues people highlight with Mikrotik

I wouldn’t disagree that management ports should probably be locked down out of the box but I would expect anyone reading this to apply some basic lockdown when setting up any device

I just want to offer a counterpoint to an assertion that I often see here claiming they are insecure which I don’t think is justified

Certainly if you are not into networking and want something that just works then Unifi is great, but if you want something with bucketloads more functionality and don’t mind getting your hands dirty then don’t be put off Mikrotik due to security concerns

> the one linked is especially bad, it allows anybody to read the admin password.

Only if you have exposed the management port to the internet, which you should never do.

You just upload a file and reboot... that seems like a pretty simple procedure to me...?

There's also the automatic upgrade option, so you don't have to upload anything manually: https://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS#Aut...

Yes, and IMO it's less likely to "ruin" the device (i.e. reset all settings on a roof-mounted CPE that you are upgrading remotely) than Unifi updates for LiteBeam... Though I have only used MikroTik SXT and SXTsq and Ubiquiti LiteBeam M5 so I am not the best to judge.
