Juniper Networks, the company that has been infamously in the news due to the presence of back doors on its firewalls, is now back to give an update regarding the situation. As we said some days ago, there are a lot of questions regarding how the back doors got there in the first place, as well as how Juniper could discover it in an internal review (how long was it between the internal review that discovered them and the internal review prior to it?). Other questions pertain to British intelligence and how it could affirm that Juniper Networks could be exploited by partnering with the US government unless it knew something that most shouldn’t know. It’s been assumed that the US government is responsible for the back doors on Juniper Networks’ firewalls, but there is no proof that the FBI or any other governmental agency is responsible.
In any case, Juniper has made an update announcement from its own forums about the back doors investigation: “In addition to removing the unauthorized code and making patched releases available, Juniper undertook a detailed investigation of ScreenOS and Junos OS source code. A respected security organization was brought in to assist with this investigation. After a detailed review, there is no evidence of any other unauthorized code in ScreenOS nor have we found any evidence of unauthorized code in Junos OS. The investigation also confirmed that it would be much more difficult to insert the same type of unauthorized code in Junos OS.”
Juniper has gone so far as to make additional changes for its customers and the growth of its business: “We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products. We intend to make these changes in a subsequent ScreenOS software release, which will be made available in the first half of 2016.”
This last statement from Juniper is interesting. Why do they need to replace these technologies with “the same random number generation technology” used in other devices? And, if the technology is not up to date, why would Juniper hold on to this technology in its products without updating it before the presence of back doors were detected on the company’s firewalls? It just seems odd that things like this happen and then we see companies like Juniper make changes that should’ve been made years ago. It’s sad that it takes something like this to see companies make positive changes. The most likely reason why Juniper waited until now seems to be that the company didn’t want to spend the money to improve its firewalls, but must now spend it in order to reassure its customers that all is well.
There is still no word on the party or parties responsible for the back doors, but one thing is sure: Juniper will definitely pay more attention to its firewall security in the future. From the perspective of customers, their data, and peace of mind, Juniper’s new changes aren’t a bad thing by any means.
You can protect yourself from things like these by staying up to date on security software and tools, especially VPNs, so head over here and find yourself a good VPN for your protection.