Juniper Networks Investigates Unauthorized Code in ScreenOS
SUNNYVALE, CA: Juniper Networks, a developer and manufacturer of networking equipment and network security products, has recently disclosed the discovery of unauthorized code in the ScreenOS software used in its NetScreen products, reports Joseph Menn, Reuters.
During an internal code review, Juniper found unauthorized code in ScreenOS that allows a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt Virtual Private Network (VPN) connections. The team found that Juniper's code had been changed in multiple ways to enable eavesdropping on customers' virtual private network sessions. Analysts believe the code was developed by the National Security Agency, and Juniper has now decided to stop using it.
The National Security Agency (NSA) provides products and services to the defense department, the intelligence community, government agencies, industry partners, and selected allies and coalition partners. NSA's Information Assurance mission is to prevent foreign adversaries from gaining access to sensitive or classified national security information. Its Signals Intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations. NSA also makes critical strategic and tactical information available to war planners and war fighters.
Juniper said it will roll out new versions of its security software to replace those that rely on numbers generated by Dual Elliptic Curve technology (ECC). ECC is an alternative mechanism for implementing public-key cryptography, based on algebraic curves over finite fields. It allows smaller keys for a given level of security.
Earlier, Juniper had discovered and replaced two unauthorized pieces of code that allowed "back door" access. According to Shacham, a researcher at the University of California, San Diego, the 2012 code changed a mathematical constant in Juniper's NetScreen products, which should have allowed its author to eavesdrop.
Similarly, a curve constant provided by the NSA and required for some federal certification was exposed, in documents leaked by former NSA contractor Edward Snowden, as a key to the back door. Juniper will investigate the incidents further.