Mikrotik Config and Update for more security

Napont Kitiwiriyakul
Published in mrnonaki network, Aug 11, 2018

*** Your Winbox port will be changed from 8291 to 58291 ***

Services that will be disabled:
neighbor, ssh, www, api, api-ssl, ftp, www-ssl
mac-telnet, mac-winbox, mac-ping
romon, bandwidth-server
Telnet is not in this list, so the commands below leave it as it is.

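Firewall
Drop all incoming DNS requests from outside.
The rules below match src-address-type=!local, i.e. any source address that is not one of the router's own, so they also drop queries from LAN clients that use the router as their DNS server.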

Don’t forget to create a new user and test logging in with it before disabling the admin user.
/user add group=full name=youruser password=yourpassword
/user disable admin

/ip neighbor discovery-settings set discover-interface-list=none
/ip service disable ssh,www,api,api-ssl,ftp,www-ssl
/ip service set winbox port=58291

/ip firewall filter
add action=drop chain=input comment=drop-dns dst-port=53 protocol=tcp src-address-type=!local
add action=drop chain=input comment=drop-dns dst-port=53 protocol=udp src-address-type=!local

/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server ping set enabled=no
/tool romon set enabled=no
/tool bandwidth-server set enabled=no

/system package update set channel=bugfix
/system package update check-for-updates
/system package update download
/system reboot
Reboot, yes? [y/N]:
y

/system routerboard upgrade
Do you really want to upgrade firmware? [y/n]
y
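
To confirm that the settings above took effect, the following added example (not part of the original post) parses a RouterOS configuration export and reports every setting from this page that is missing or different. It assumes the text comes from `/export verbose`, so that default values are included; `parse_export`, `audit` and the sample text are hypothetical names and constructed data, and the `/user` step is not covered.

```python
import re
# Settings applied on this page: (menu, item name or None, key, expected value).
EXPECTED = [("/ip service", s, "disabled", "yes")
            for s in ("ssh", "www", "api", "api-ssl", "ftp", "www-ssl")] + [
    ("/ip service", "winbox", "port", "58291"),
    ("/ip neighbor discovery-settings", None, "discover-interface-list", "none"),
    ("/tool mac-server", None, "allowed-interface-list", "none"),
    ("/tool mac-server mac-winbox", None, "allowed-interface-list", "none"),
    ("/tool mac-server ping", None, "enabled", "no"),
    ("/tool romon", None, "enabled", "no"),
    ("/tool bandwidth-server", None, "enabled", "no")]
KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')     # key=value or key="quoted value"

def parse_export(text):
    """Return [(menu, verb, item_name, {key: value})] from export text."""
    text = re.sub(r"\\\n\s*", "", text)        # join backslash-wrapped lines
    menu, rows = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):               # a menu path such as "/ip service"
            menu = line
        elif line.startswith(("set ", "add ")):
            verb, rest = line.split(" ", 1)
            first = rest.split(" ", 1)[0]
            name = None if "=" in first else first   # "winbox" in "set winbox port=..."
            rows.append((menu, verb, name, {k: v.strip('"') for k, v in KV.findall(rest)}))
    return rows

def audit(text):
    """Return findings; an empty list means every setting from the page is present."""
    rows, findings = parse_export(text), []
    for menu, name, key, want in EXPECTED:
        got = [p.get(key) for m, v, n, p in rows if (m, v, n) == (menu, "set", name)]
        if want not in got:
            findings.append(f"{menu} {name + ' ' if name else ''}{key}: want {want}, got {got}")
    for proto in ("tcp", "udp"):               # the two drop-dns rules
        want = {"chain": "input", "action": "drop", "dst-port": "53", "protocol": proto}
        if not any(m == "/ip firewall filter" and v == "add" and want.items() <= p.items()
                   for m, v, n, p in rows):
            findings.append(f"/ip firewall filter: no input drop rule for {proto}/53")
    return findings

# Constructed sample (not from a real router): only a few settings are present.
SAMPLE = r"""/ip service
set www address="" disabled=no port=80
set winbox address="" disabled=no port=8291
/ip firewall filter
add action=drop chain=input comment=drop-dns dst-port=53 protocol=tcp \
    src-address-type=!local
"""
```

Save the export after the reboot and pass its text to `audit()`; an empty list means each setting from this page appears in the export.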

For more security, please contact me :)
ref: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router
