BEST PRACTICES GUIDE FOR CYBERSECURITY IN ROUTEROS USING CONTAINERS

Authors

  • Marlon Mauricio Moposita-Tonato, Pontificia Universidad Católica del Ecuador
  • Alberto Arellano-Aucancela

DOI:

https://doi.org/10.46480/esj.9.2.237

Keywords:

RouterOS, Docker containers, OSSTMM, MikroTik, Cybersecurity maturity

Abstract

This study presents a best-practice guide to strengthen cybersecurity in MikroTik RouterOS devices that support containers, considering infrastructure-constrained environments such as home networks, academic laboratories, and small-scale organizations. The OSSTMM methodology was adopted as the reference framework and structured into five phases: initial system configuration, analysis of integrable services, container deployment, technical validation of the environment, and consolidation of results. Four specialized containers were developed and implemented, built from official images and adapted to the ARM64 architecture. Alpine, Nmap, Rsyslog, and FreeRADIUS were executed on a RouterBoard RB5009, incorporating functionalities such as service scanning, event logging, and centralized authentication, without compromising system stability. Operational behavior was monitored through integrated tools, which recorded resource consumption and the functioning of the environment under different load conditions. The results obtained show that it is feasible to incorporate security capabilities through the use of Docker on RouterOS. This implementation makes it possible to advance in cybersecurity maturity levels without requiring additional dedicated infrastructure.

Published

2025-09-30

Section

Research Paper

How to Cite

[1]
M. M. Moposita-Tonato and A. Arellano-Aucancela, “BEST PRACTICES GUIDE FOR CYBERSECURITY IN ROUTEROS USING CONTAINERS”, Ecuad. Sci. J, vol. 9, no. 2, Sep. 2025, doi: 10.46480/esj.9.2.237.