Best Practices Guide for Cybersecurity in RouterOS UsingContainers
DOI:
https://doi.org/10.46480/esj.9.2.237Keywords:
RouterOS, Docker containers, OSSTMM, MikroTik, Cybersecurity maturityAbstract
Context: This study presents a best-practice guide to strengthen cybersecurity in MikroTik RouterOS devices that have support for containers, considering infrastructure-constrained environments such as home networks, academic laboratories, and smallscale organizations. Methodology: The OSSTMM methodology was adopted as the reference framework and structured into five phases that include the initial system configuration, analysis of integrable services, container deployment, technical validation of the environment, and consolidation of results. Results: Four specialized containers were developed and implemented, built from
official images and adapted to the ARM64 architecture. Alpine, Nmap, Rsyslog, and FreeRADIUS were executed on a RouterBoard RB5009, incorporating functionalities such as service scanning, event logging, and centralized authentication, without compromising system stability. Operational behavior was monitored through integrated tools, allowing the registration of resource consumption
and the functioning of the environment under different load conditions. Conclusions: The results obtained show that it is feasible to incorporate security capabilities through the use of Docker on RouterOS. This implementation allows advancing in cybersecurity
maturity levels without requiring additional dedicated infrastructure.
Downloads
References
Algarni, A., Shah, I., Jehangiri, A. I., Ala’anzy, M. A., & Ahmad, Z. (2024). Predictive energy management for Docker containers in cloud computing: A time series analysis approach. IEEE Access, 12, 52524-52538. https://doi.org/10.1109/ACCESS.2024.3387436 DOI: https://doi.org/10.1109/ACCESS.2024.3387436
AlHidaifi, S. M., Asghar, M. R., & Ansari, I. S. (2024). A survey on cyber resilience: Key strategies, research challenges, and future directions. ACM Computing Surveys, 56(8), 1-48. https://doi.org/10.1145/3649218 DOI: https://doi.org/10.1145/3649218
Alqaisi, O. I., Tosun, A. Ş., & Korkmaz, T. (2023). Performance analysis of container technologies for computer vision applications on edge devices. IEEE Access, 12, 41852-41869. https://doi.org/10.1109/ACCESS.2024.3376570 DOI: https://doi.org/10.1109/ACCESS.2024.3376570
Cerino Frías, R., Magaña, J. Á. J., Hernández Cadena, A., Garrido Vázquez, J. N., & Gómez Zea, J. M. (2021). Análisis de la seguridad de Docker en servidores Linux. Innovación y Desarrollo Tecnológico: Revista Digital, 13(2), 617.
Donca, I.-C., Stan, O. P., Misaros, M., Stan, A., & Miclea, L. (2024). Comprehensive security for IoT devices with Kubernetes and Raspberry Pi cluster. Electronics, 13(1613). https://doi.org/10.3390/electronics13091613 DOI: https://doi.org/10.3390/electronics13091613
El Amin, H., Samhat, A. E., Chamoun, M., Oueidat, L., & Feghali, A. (2024). An integrated approach to cyber risk management with cyber threat intelligence framework to secure critical infrastructure. Journal of Cybersecurity and Privacy, 4(2), 357-381. https://doi.org/10.3390/jcp4020018 DOI: https://doi.org/10.3390/jcp4020018
Fernández González, D., Rodríguez Lera, F. J., Esteban, G., & Fernández Llamas, C. (2021). SecDocker: Hardening the continuous integration workflow. SN Computer Science, 3(1), 80. https://doi.org/10.1007/s42979-021-00939-4 DOI: https://doi.org/10.1007/s42979-021-00939-4
Flauzac, O., Mauhourat, F., & Nolot, F. (2020). A review of native container security for running applications. Procedia Computer Science, 175, 157-164. https://doi.org/10.1016/j.procs.2020.07.025 DOI: https://doi.org/10.1016/j.procs.2020.07.025
García Herrera, E. G., & Cuenca Tapia, J. P. (2021). Guía de implementación de buenas prácticas de seguridad en redes. Caso de estudio Infocentros MINTEL. Dominio de las Ciencias, 7(4), 377-398. https://doi.org/10.23857/dc.v7i4.2426
Herzog, P. (2010). The Open Source Security Testing Methodology Manual (OSSTMM 3). ISECOM - Institute for Security and Open Methodologies. Recuperado de https://www.isecom.org/OSSTMM.3.pdf
Jabr, I., Salman, Y., Shqair, M., & Hawash, A. (2024). Penetration testing and attack automation simulation: Deep reinforcement learning approach. An-Najah University Journal for Research – A (Natural Sciences), 39(1), 7-14. https://doi.org/10.35552/anujr.a.39.1.2231 DOI: https://doi.org/10.35552/anujr.a.39.1.2231
Kaiser, S., Haq, Md. S., Tosun, A. Ş., & Korkmaz, T. (2022). Container technologies for ARM architecture: A comprehensive survey of the state of the art. IEEE Access, 10, 84853-84872. https://doi.org/10.1109/ACCESS.2022.3197151 DOI: https://doi.org/10.1109/ACCESS.2022.3197151
Mikrotik. (2025a). Mikrotik Routers and Wireless—Products: RB5009UG+S+IN. Recuperado 24 de mayo de 2025, de https://mikrotik.com/product/rb5009ug_s_in
Mikrotik. (2025b). ROS-200525-1501-900 [Manual técnico]. Recuperado de https://box.mikrotik.com/d/1a069dba20724f279e30/files/?p=%2FROS-200525-1501-900.pdf
Mills, A., White, J., & Legg, P. (2023). Longitudinal risk-based security assessment of Docker software container images. Computers & Security, 135, 103478. https://doi.org/10.1016/j.cose.2023.103478 DOI: https://doi.org/10.1016/j.cose.2023.103478
Nkengereye, L., Lee, B. G., & Chung, W.-Y. (2025). Functionality-aware offloading technique for scheduling containerized edge applications in IoT edge computing. Journal of Cloud Computing: Advances, Systems and Applications, 14(13). https://doi.org/10.1186/s13677-025-00737-w DOI: https://doi.org/10.1186/s13677-025-00737-w
Ochoa Villanueva, C. A., & Roman Gonzalez, A. (2023). Implementation of a RADIUS server for access control through authentication in wireless networks. International Journal of Advanced and Applied Sciences, 10(3), 183-188. https://doi.org/10.21833/ijaas.2023.03.022 DOI: https://doi.org/10.21833/ijaas.2023.03.022
Palate, B. M., & Avila, D. (2021). Mitigación de vulnerabilidades en la red central de un ISP: Un caso de estudio. Ecuadorian Science Journal, 5(2), 68-82. https://doi.org/10.46480/esj.5.2.117 DOI: https://doi.org/10.46480/esj.5.2.117
Palma, C. M. V., & Carrillo, J. M. (2022). Metodologías de testeo de redes de datos. Revista Científica Sinapsis, 21(1). https://doi.org/10.37117/s.v21i1.647 DOI: https://doi.org/10.37117/s.v21i1.647
Prakosa, B. A., Afrianto, Y., Agustiyan, S., & Setiadi, I. H. (2024). Evaluating bandwidth management techniques on Mikrotik routers: A multiple linear regression approach. Ingénierie Des Systèmes d’Information, 29(4), 1561-1572. https://doi.org/10.18280/isi.290429 DOI: https://doi.org/10.18280/isi.290429
Pramana Wijaya, I. G. A. S., Arya Sasmita, G. M., & Eka Pratama, I. P. A. (2024). Web application penetration testing on Udayana University’s OASE e-learning platform using Information System Security Assessment Framework (ISSAF) and Open Source Security Testing Methodology Manual (OSSTMM). I.J. Information Technology and Computer Science, 2024(2), 45-56. https://doi.org/10.5815/ijitcs.2024.02.04 DOI: https://doi.org/10.5815/ijitcs.2024.02.04
Wang, K., Wu, S., Cui, Y., Huang, Z., Fan, H., & Jin, H. (2024). System log isolation for containers. Frontiers of Computer Science, 19(195106). https://doi.org/10.1007/s11704-024-2568-8 DOI: https://doi.org/10.1007/s11704-024-2568-8
Wijayanto, A., Riadi, I., Prayudi, Y., & Sudinugraha, T. (2022). Network forensics against address resolution protocol spoofing attacks using trigger, acquire, analysis, report, action method. Jurnal Ilmiah Teknologi Sistem Informasi, 8(2), 156-169. https://doi.org/10.26594/register.v8i2.2953 DOI: https://doi.org/10.26594/register.v8i2.2953
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Marlon Mauricio Moposita-Tonato, Alberto Arellano-Aucancela
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Authors retain the copyright of their articles and are therefore free to share, copy, distribute, perform, and publicly communicate their work on their personal websites or in institutional repositories after its publication in this journal, provided that full bibliographic information is given to acknowledge its original publication.
How to Cite
