haplessuser
just joined
Topic Author
Posts: 19
Joined: Tue Sep 27, 2016 10:06 pm

Mikrotik Access Hardening

Sat Oct 29, 2016 3:36 am

Has anyone written a script to secure the MikroTik from unauthorized access attempts? Part of the issue is that the MikroTik listens on all public interfaces. Most commercial routers have some facility like Juniper's implicit deny or Cisco's vty "funneling". It would be pretty easy to have a static list of authorized administrator IPs, and you can have a firewall rule that says all traffic forwarding to "list of all directly connected interface IPs" that does not equal your list "approved admin IPs" gets dropped. The issue I'm running into is generating a script to keep that "list of all directly connected interface IPs" current.

Effectively, I need to take the IPs from /ip address print, and append them to /ip firewall address-list (pending they aren't already present).
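
One way to write the sync described in the post above, as an added example that is not from the thread: a RouterOS script that copies each address from /ip address into a firewall address list and removes entries it created once the address is gone. The list name `router-local-ips` and the comment tag `auto-local-ip` are assumed names.

```routeros
# Added example, not from the thread.
# Assumed names: list "router-local-ips", comment tag "auto-local-ip".
:local listName "router-local-ips"
:local tag "auto-local-ip"

# Pass 1: walk the enabled interface addresses, strip the /prefix length,
# remember each IP, and add it to the address list if it is not there yet.
:local current [:toarray ""]
:foreach id in=[/ip address find where disabled=no] do={
    :local cidr [/ip address get $id address]
    :local ip [:pick $cidr 0 [:find $cidr "/"]]
    :set current ($current, $ip)
    :if ([:len [/ip firewall address-list find where list=$listName address=$ip]] = 0) do={
        /ip firewall address-list add list=$listName address=$ip comment=$tag
    }
}

# Pass 2: remove only the entries this script created (matched by comment tag)
# whose address is no longer configured on any interface, so the list stays
# current without touching manually added entries.
:foreach id in=[/ip firewall address-list find where list=$listName comment=$tag] do={
    :local ip [/ip firewall address-list get $id address]
    :if ([:typeof [:find $current $ip]] = "nil") do={
        /ip firewall address-list remove $id
    }
}
```

Running it from `/system scheduler` at a short interval keeps the list in step with addresses that change, such as ones assigned dynamically.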
 
rcourtney
Frequent Visitor
Posts: 61
Joined: Wed May 22, 2013 10:55 pm

Re: Mikrotik Access Hardening

Sat Oct 29, 2016 5:46 am

We like port knocking. You must access a port other than your desired port to load the list then test to see if you are in the list before accepting.
If someone is scanning ports around the knocked port, you clear the list.

See old MUM presentations for details.
