Security Essentials

This document outlines how to configure and apply the Security Essentials feature to your MikroTik devices.

---

Default Policy

when you sing up for MikroCloud, a default Security Essentials policy will automatically be created. This default policy includes pre-configured settings that ensures protection and a default block list of IP addresses and prefixes.

The following are enabled by default:

Policy	Description
RFC 1918 IP Ranges:	Private IP addresses used for internal network communication.
FullBogons by Team Cymru:	Filtering of unallocated or reserved IP addresses.
FireHOL Level 1:	Basic firewall protection against common threats.
Emerging Block IPs:	Updated lists of known malicious IPs.

---

Creating a Security Essentials Policy

In order to create a new Security Essentials policy, you can follow the steps outlined below.

Step 1: Navigate to the Security Essentials Policy Page

1. From your dashboard, navigate to the Security Essentials page, which can be found under Policies -> Security Essentials

1. When you are on the Security Essentials page, click on the + Add button in order to begin creating the new policy.

A new page will open up

Step 2: Configure your Policy

1. You can give your policy a name
2. Underneath the policy name, you will see a Lists entry, this entry explains what each of the tiles do.
   • Click all of the tiles which you want to include in this policy.
3. When done, you can click on the Add button at the bottom right of the page.

Congrats! You have now successfully added your first Security Essentials Policy

Step 3: Add the Configured Security Essentials Policy to your Devices

1. From your dashboard, navigate to your Sites.
2. Select the site you want to apply the policy to.
3. From your site's Overview page, click on the Add Policy drop-down underneath the Security Policy tile.
4. Select the Security Essentials policy tht you just created.

5. That's it, give the device a few moments to apply the configuration to your devices.

---

Editing a Security Essentials Policy

You may need to update your existing Security Essentials policies to refine the IP Address and prefix blacklists.

Step 1: Access your Security Essentials Policies.

1. From your Dashboard, navigate to Policies -> Security Essentials
   • You will see a list of all existing Security Essentials policies.

Step 2: Edit the Policy

1. Click on the policy you would like to edit/ update.
   • This will open the configuration page where you can make changes.
2. Tick or untick all the toggle switches you would like to add or remove from this specific policy.
3. Once you've made your update(s), the configuration will apply automatically to all of your sites which have this security policy active.

---

Removing a Security Essentials Policy

Sometimes you might want to remove a security policy from your devices for various reasons, in order to do this, follow the steps below.

1. From your dashboard, navigate to your Sites.
2. Select the site you want to apply the policy to.
3. From your site's Overview page, click on the Trashcan Icon underneath the Security Policy widget.
4. That's it, give the device a few moments to issue and remove the policy on the device.