SecurityWeek

Network Security

Juniper to Enhance RNG in ScreenOS

Following the discovery of unauthorized code, Juniper Networks announced on Friday that it will replace the random number generation (RNG) technology in its ScreenOS operating system with the one currently used in Junos OS products.

Juniper revealed in mid-December that it had identified unauthorized code in ScreenOS, the operating system used by the company’s NetScreen firewalls. The unauthorized code introduces a vulnerability that can be leveraged to remotely gain administrative access to affected devices via SSH or telnet, and a weakness that allows an attacker with access to VPN connections to decrypt VPN traffic.

The vulnerabilities have been patched by the company with the release of ScreenOS 6.2.0r19 and 6.3.0r21. However, researchers found that despite attempts by malicious actors to exploit the authentication bypass flaw, more than 1,500 devices had remained unpatched as of last week.

After examining the available evidence, external researchers determined that the VPN decryption vulnerability might be related to the use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) in ScreenOS.

Dual EC DRBG came into the spotlight in late 2013 when reports surfaced that the NSA had created a backdoor in it and allegedly paid RSA $10 million to get the company to use it by default in one of its toolkits.

Juniper has argued that Dual EC DRBG has not been used as the primary RNG in ScreenOS, and the company says it did not use the curve points recommended by NIST but instead uses self-generated basis points, which it believes provide sufficient cryptographic strength.

Experts suggested that while Juniper changed the “locks” on the system, someone might have broken in and changed them again. Some also suggested that the use of Dual EC might have also made the patches released by the company ineffective.
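Why the provenance of the Dual EC constants is the whole argument, as an added illustration that is not part of the article or of Juniper's code: a toy Dual EC DRBG over a small made-up curve. Whoever chose the point Q knowing a d with P = d*Q can turn a single output into the generator's next state, which is why "self-generated basis points" only helps if nobody else knows such a d for the points actually shipped. The prime, curve, seed and d below are constructed values, not Juniper's or NIST's parameters.

```python
# Constructed toy model of Dual EC DRBG; p, A, B, seed and d are made up.
# Real Dual EC uses P-256 and drops the top 16 bits of each output, which
# only adds a 2^16 brute-force search to the recovery shown below.
p = 1000003              # prime with p % 4 == 3, so sqrt is a single pow()
A, B = 2, 3              # curve: y^2 = x^3 + A*x + B (mod p)
INF = None               # point at infinity
def add(P1, P2):  # affine point addition; doubling when P1 == P2
    if P1 is INF or P2 is INF:
        return P2 if P1 is INF else P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF
    if P1 == P2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)
def mul(k, P1):  # double-and-add scalar multiplication k*P1
    R = INF
    while k:
        if k & 1:
            R = add(R, P1)
        P1, k = add(P1, P1), k >> 1
    return R
def lift_x(x):  # a curve point with x-coordinate x, or None if none exists
    rhs = (x * x * x + A * x + B) % p
    y = pow(rhs, (p + 1) // 4, p)
    return (x, y) if y * y % p == rhs else None
def find_point():  # first curve point with a small x; serves as the toy Q
    x = 1
    while lift_x(x) is None:
        x += 1
    return lift_x(x)
def dual_ec_step(s, P, Q):  # one round: state s' = x(s*P), output r = x(s'*Q)
    s_new = mul(s, P)[0]
    return s_new, mul(s_new, Q)[0]
def predict_next(r, d, P, Q):  # knowing d with P = d*Q, derive the next output
    R = lift_x(r)             # R = +/-(s'*Q); both signs share the x-coordinate
    s_next = mul(d, R)[0]     # d*R = +/-(s'*P), whose x is the next state
    return mul(s_next, Q)[0]
def demo(seed=123456, d=7919):  # two honest outputs, second predicted from first
    Q = find_point()
    P = mul(d, Q)             # P looks like any other constant; d is the hidden link
    s, r1 = dual_ec_step(seed, P, Q)
    s, r2 = dual_ec_step(s, P, Q)
    return r2, predict_next(r1, d, P, Q)
```

A generator whose constants came from a published, reproducible process (or that does not use Dual EC at all, as Juniper's Junos OS RNG is described here) gives an auditor a way to rule out a hidden d; a vendor's assurance alone does not.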

In a statement published on Friday, Juniper Networks’ SVP and chief information officer, Bob Worrall, denied reports that the use of Dual EC in ScreenOS prevents the recently discovered vulnerabilities from being fixed properly.

Juniper has conducted a thorough investigation of the source code for ScreenOS and Junos OS, the operating system that powers the company’s routing, switching and security devices. The investigation found no additional evidence of tampering and led to the conclusion that it would be much more difficult to plant unauthorized code in Junos.

The company has decided to replace Dual EC and ANSI X9.31 in ScreenOS 6.3 with the same RNG technology used in Junos OS products. The ScreenOS release that will include a more robust RNG subsystem will become available in the first half of 2015.

In the meantime, Juniper says it is confident that the current version of ScreenOS provides sufficient cryptographic protection.

“We believe that the existing code using Dual_EC with self-generated basis points provides sufficient cryptology notwithstanding issues with the second ANSI X.9.31 random number generator,” Worrall said.

Some experts suspected that the NSA might have had something to do with the backdoors found in Juniper firewalls, especially since leaked documents showed that the agency targeted the security firm’s products in the past. However, the FBI has launched an investigation into the incident after U.S. officials raised concerns that the backdoors might have been planted by a foreign government. Juniper Networks says the investigation into the origin of the unauthorized code continues.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
