Version 2.0.1

Advanced - Border Router Security Tool (BRST)

"Securing the Internet one router at a time."

Advanced configuration page - lets you choose all of your options.

About Your Router

Enter a few details about your router.

Code version: . ()
Router model:
Crypto support?:

Router IP Information

Information relating to your router's interface names and IP addresses.

Gateway

This IP Address should be provided by your Internet Service Provider (ISP).

Gateway IP Address: . . .

Outside (WAN) Interface

The Outside or Wide Area Network (WAN) Interface is the one that connects your router to the Internet Service Provider's (ISP's) network.

Outside (WAN) Interface Name:
IP Address: . . .
Subnet Mask: . . .

Inside Interface

The Inside Interface is the one that connects the router to your Firewall or inside network.

Inside Interface Name:
IP Address: . . .
Subnet Mask: . . .

Disabling Global Services

Many unneeded global services are on by default. We'll disable them here.

More information on protocols and services and recommended settings is available here.


(Select All recommended)

Internet Interface Services

Let's disable the following services on the "outside" or Internet facing interface:


(Select All recommended)

Inside Interface Services

Disable the following services on the "inside" or firewall facing interface.


(Select All recommended)

Enable Good Services

These services can provide better security for your router and should be enabled:


(Select All Recommended)

Null Interface and Null Routing

Select whether to create a null interface (used for null, or "black hole" routing of unwanted traffic), and configure null routing.

that will be used for null routing.

Service IPs and Information

IP addresses for services and configuring access to the router.

Loopback Interface

Enter an IP address for your loopback interface (if you don't know, enter 127.0.0.1).

Loopback IP: . . .

NTP Servers

Enter the IP addresses for your Network Time Protocol (NTP) Servers. (If you don't know, find one here.)

Enable NTP:
NTP Server 1: . . .
NTP Server 2: . . .

Securing Access

Configure Access, Authentication, and Authorization (AAA)

Enable AAA to be able to view the actions of users.

Remote Access Computer

Enter the IP address of a trusted computer you will use to access the router remotely.

Trusted IP: . . .

Disable Aux Port

The auxiliary port, if your router has one, is normally not needed and should be disabled. Uncheck this if your router does not have an aux port.

Console Port

The console port is used to access the router locally using a serial connection and terminal emulation software like PuTTY or Tera Term.

VTY Port

The virtual terminal (vty) ports are used to connect to the router with remote access protocols like SSH.

Access Control Lists (ACLs)

Create inside and outside access control lists to control traffic flow to and through the router.

Restricting Command Access

Some commands that are available to all user levels should be restricted to administrator level.

User Information

Enter a username and password (change the username, password, and enable secret password in the text file you receive before loading it into the router).

Username:
Password:
Enable Secret Password:

Logging

Provide some information to set up logging.

Interface name and IP address.

Local DMZ Interface Name:
Local DMZ Interface IP: . . .

Syslog server IP address and DMZ subnet mask.

Local DMZ Syslog Server IP: . . .
Local DMZ Interface Mask: . . .

Firewall DMZ Syslog Server IP address: . . .

Disclaimer and Licensing

The "fine print."

This software is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco, Cisco Systems, and IOS are registered trademarks of Cisco Systems, Inc. in the USA and certain other countries. All other trademarks are trademarks of their respective owners.

BRST - Border Router Security Tool, Helps administrators secure their border routers. Copyright © 2014 Ted LeRoy

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

A local copy of the license can be found at copying.

theodore_dot_leroy_at_yahoo_dot_com

Source code can be obtained at: https://sourceforge.net/projects/borderroutersec/