Juniper Networks updates software in wake of security flaws


Fixing the vulnerabilities discovered in Juniper Networks equipment is proving to be a multistep affair.

After unauthorized code was found in the company's NetScreen firewall that could decrypt traffic sent over virtual private networks, Juniper first issued patched releases for the latest versions of ScreenOS, the affected software, in order to remove unauthorized administrative access and address VPN decryption.

After further investigation, however, the company also decided to replace the Dual_EC random number generator in NetScreen firewalls with the random number generation technology already used in other Junos OS products. The changes will be made starting with new ScreenOS 6.3 software and future releases in the first half of this year.

Juniper CIO Bob Worrall said the security of Junos OS has been checked using source code in “hot spots,” where code similar to that in ScreenOS could be found, including VPN code, encryption code and authentication code.

Ars Technica reported that Dual_EC has been known to contain security weaknesses since 2007 and is suspected of having a backdoor, inserted by the National Security Agency, that allows VPN decryption.

Further questions also arose from research by the University of Illinois at Chicago’s Stephen Checkoway, which shows that separate code changes made in 2008, 2012 and 2014 made it easier for adversaries to break the NetScreen firewall encryption, Ars Technica explained.

These software flaws have become a source of concern for the federal government, with the Department of Defense warning contractors of the vulnerability, which could compromise affected systems.  

According to Juniper, the investigation of the origin of the unauthorized code is ongoing.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.

