Frequently Asked Questions
Can I trust this site?
Since the software is open source, and freely available, you can have a look for yourself. There are no features that surreptitiously store or send a copy of your file anywhere. Some security related features built into the BRST include:
- Hosted BRST is via an HTTPS connection.
- A valid certificate has been purchased and applied.
That said, I don't own the server this is housed on, or any gear in between, so some precautions are in order. See "What precautions should I take?" below.
What is a border router?
A border router in the context of the BRST is a router that is positioned between a firewall and the Internet. They were often used as a conduit to connect a T1 or fractional T1 to a firewall which required an Ethernet connection.
If you don't have a border router, and wonder what security measures you can take, or what the BRST can do for you, see "What if I don't have a border router?", or "If I don't have a border router how can I use the BRST?" below.
What precautions should I take?
- Always have a backup of the running configuration (keep before and after changes copies).
- Do not use the user name or password you entered on the BRST form (change it before pasting it into the router).
- Consider using a fictitious outside IP Address and Gateway.
- If you're still concerned, or you want to modify the BRST, download the software, fire up a web server, and run it yourself.
I used the tool and now my router's borked. What can I do?
Hopefully, you followed the steps on the Start Here page and can get back up and running fairly quickly.
- Restore your router using the configuration file you created prior to using the BRST.
- Look over the session information you recorded when you tried to run the utility.
- Try correcting the error and reinstalling the configuration file.
- If for some crazy reason, you don't have a backup of the configuration, you should only need a few items to get back on line:
- Obtain the following information and enter it into the router:
- The gateway for your router (should be provided by your Internet Service Provider (ISP)).
- The interface, IP address, and subnet mask for your connection to your ISP (should also be provided by your ISP).
- The interface, IP address and subnet mask for your internal connection (you should know this or be able to find it out).
- If the error is with the BRST itself, please contact me so I can correct the problem.
What if I don't have a border router?
If you don't have a border router, you can still make sure your border is secure. If you don't have a high priced corporate grade firewall from a company like Cisco or Juniper, and want an open source alternative, consider a firewall like PFSense.
If you have other Cisco routers or switches within your network, read "If I don't have a border router how can I use the BRST?" below.
If I don't have a border router how can I use the BRST?
With Ethernet hand off's from ISP's more and more common, border routers are less often used. If you don't have a border router, but still have Cisco routers and layer 3 switches, you can use the BRST to:
- Generate a secure configuration template you can then adapt to secure other Cisco devices.
- There are some things to be aware of if you do this:
- The configuration file generated has built-in Access Control Lists (ACL's) which you'll have to locate and modify by hand to fit your network.
- You may have more interfaces or VLAN interfaces to handle than the tool was designed for. Try to replicate the intent of the ACL's for the various interfaces.
- There are additional measures you'll want to take on your Cisco switches, but many of the same configuration settings will apply to layer 3 switches.