Juniper Networks updates software in wake of security flaws

Fixing the vulnerabilities discovered in Juniper Networks equipment is proving to be a multistep affair.

After unauthorized code was found in the company's NetScreen firewall that could decrypt traffic sent over virtual private networks, Juniper first issued patched releases for the latest versions of ScreenOS, the affected software, in order to remove unauthorized administrative access and address VPN decryption.

After further investigation, however, the company also decided to replace the Dual_EC random number generator in NetScreen firewalls with the random number generation technology already used in other Junos OS products. The changes will be made starting with new ScreenOS 6.3 software and future releases in the first half of this year.

Juniper CIO Bob Worrall said the security of Junos OS has been checked by reviewing source code in “hot spots” where code similar to that found in ScreenOS could exist, including VPN code, encryption code and authentication code.

Ars Technica reported that Dual_EC has been known to contain security weaknesses since 2007 and is suspected of having a backdoor, inserted by the National Security Agency, that allows VPN decryption.

Further questions also arose from research by the University of Illinois at Chicago’s Stephen Checkoway, which shows that separate code changes made in 2008, 2012 and 2014 made it easier for adversaries to break the NetScreen firewall encryption, Ars Technica explained.

These software flaws have become a source of concern for the federal government, with the Department of Defense warning contractors of the vulnerability, which could compromise affected systems.  

According to Juniper, the investigation of the origin of the unauthorized code is ongoing.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.
