NetScreen Technologies

Last updated
NetScreen Technologies
Company type Division
Industry IT security,
Computer software,
Computer hardware
Founded1997
Defunct2004 (2004)
FateAcquired by Juniper Networks
Headquarters,
United States
Key people
Ken Xie, CTO, CEO, and Co-Founder,
Yan Ke, Co-Founder, Feng Deng, Co-Founder, Robert Thomas, CEO, Anson Chen, VP R&D, Nir Zuk, CTO
Products Network security and access solutions and appliances.
Parent Juniper Networks
Website www.juniper.net

NetScreen Technologies was an American technology company that was acquired by Juniper Networks for US$4 billion stock for stock in 2004. [1] [2]

Contents

NetScreen Technologies developed ASIC-based Internet security systems and appliances that delivered high performance firewall, VPN and traffic shaping functionality to Internet data centers, e-business sites, broadband service providers and application service providers. NetScreen was the first firewall manufacturer to develop a gigabit-speed firewall, the NetScreen-1000. [3]

History

NetScreen Technologies was founded by Yan Ke, Ken Xie, and Feng Deng. [4] Ken Xie, Chief Technology Officer and co-founder was also the CEO until Robert Thomas joined in 1998. [5]

Robert Thomas, NetScreen's president and chief executive officer, came to NetScreen in 1998 from Sun Microsystems, where he was General Manager of Intercontinental Operations for Sun's software business, which includes security, networking, and Internet tools. [6]

Ken Xie left NetScreen in 2000 to found Fortinet, a competing ASIC-based firewall company. [7]

NetScreen acquired its core IPS technology through the purchase of OneSecure, Inc. for US$45 million in stock in 2002. OneSecure was created by Rakesh Loonkar (subsequently the co-founder of Trusteer), and Israeli engineer Nir Zuk, who had been one of Check Point Software’s first employees. [8]

In 2003, NetScreen hired Anson Chen as its vice president of research and development. [9] Anson Chen, a 12-year veteran of Cisco Systems, Inc. and former vice president and general manager of the Network Management and Services Technology Group, led engineering, research and development efforts for NetScreen's entire product line, including its firewall, IPSec virtual private network (VPN) and intrusion detection and prevention technologies. [9] Chen also had functional management responsibility for NetScreen's secure access products. [10]

2015 "unauthorized code" incident

Analysis of the firmware code in 2015 showed that a backdoor key could exist using Dual_EC_DRBG. This would enable whoever held that key to passively decrypt traffic encrypted by ScreenOS. [11]

In December 2015, Juniper Systems announced that they had discovered "unauthorized code" in the ScreenOS software that underlies their NetScreen devices, present from 2012 onwards. There were two vulnerabilities: One was a simple root password backdoor, and the other one was changing a point in Dual_EC_DRBG so that the attackers presumably had the key to use the pre-existing (intentional or unintentional) kleptographic backdoor in ScreenOS to passively decrypt traffic. [12] [13]

Related Research Articles

<span class="mw-page-title-main">RSA Security</span> American computer security company

RSA Security LLC, formerly RSA Security, Inc. and trade name RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products is the SecurID authentication token. The BSAFE cryptography libraries were also initially owned by RSA. RSA is known for incorporating backdoors developed by the NSA in its products. It also organizes the annual RSA Conference, an information security conference.

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

<span class="mw-page-title-main">Juniper Networks</span> American multinational technology company

Juniper Networks, Inc. is an American multinational corporation headquartered in Sunnyvale, California. The company develops and markets networking products, including routers, switches, network management software, network security products, and software-defined networking technology.

An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The two primary categories of application firewalls are network-based and host-based.

Cisco PIX was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.

Fortinet, Inc. is a cybersecurity company with headquarters in Sunnyvale, California. The company develops and sells security solutions like firewalls, endpoint security and intrusion detection systems. Fortinet has offices located all over the world.

<span class="mw-page-title-main">Check Point</span> Israeli security company

Check Point Software Technologies Ltd. is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.

Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services.

VPN-1 is a firewall and VPN product developed by Check Point Software Technologies Ltd.

Vyatta is a software-based virtual router, virtual firewall and VPN product for Internet Protocol networks. A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others. A standardized management console, similar to Juniper JUNOS or Cisco IOS, in addition to a web-based GUI and traditional Linux system commands, provides configuration of the system and applications. In recent versions of Vyatta, web-based management interface is supplied only in the subscription edition. However, all functionality is available through KVM, serial console or SSH/telnet protocols. The software runs on standard x86-64 servers.

Dual_EC_DRBG is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criticism, including the public identification of the possibility that the National Security Agency put a backdoor into a recommended implementation, it was, for seven years, one of four CSPRNGs standardized in NIST SP 800-90A as originally published circa June 2006, until it was withdrawn in 2014.

<span class="mw-page-title-main">Junos OS</span> Real-time operating system (RTOS) software

Junos OS is a FreeBSD-based network operating system used in Juniper Networks routing, switching and security devices.

<span class="mw-page-title-main">Ken Xie</span> American billionaire businessman (born 1963)

Ken Xie is an American billionaire businessman who founded Systems Integration Solutions (SIS), NetScreen, and Fortinet.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

OpenConnect is a free and open-source cross-platform multi-protocol virtual private network (VPN) client software which implement secure point-to-point connections.

<span class="mw-page-title-main">SoftEther VPN</span> Open-source VPN client and server software

SoftEther VPN is free open-source, cross-platform, multi-protocol VPN client and VPN server software, developed as part of Daiyuu Nobori's master's thesis research at the University of Tsukuba. VPN protocols such as SSL VPN, L2TP/IPsec, OpenVPN, and Microsoft Secure Socket Tunneling Protocol are provided in a single VPN server. It was released using the GPLv2 license on January 4, 2014. The license was switched to Apache License 2.0 on January 21, 2019.

<span class="mw-page-title-main">Bullrun (decryption program)</span> Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

ScreenOS is a real-time embedded operating system for the NetScreen range of hardware firewall devices from Juniper Networks.

References

  1. Duffy, Jim (2004-02-09). "Juniper acquires NetScreen". Network World. networkworld.com. Retrieved 2017-01-05.
  2. "Juniper Networks Completes Acquisition of NetScreen Technologies and Appoints Frank J. Marshall to the Juniper Networks Board of Directors". Juniper Press Release. April 16, 2004. Retrieved 2009-03-05.
  3. "Nupremis Deploys The NetScreen-1000 Best Of Breed Security Solution For Global Data Centers". Market Wire. 2005.
  4. HighBeam [ dead link ]
  5. HighBeam [ dead link ]
  6. HighBeam [ dead link ]
  7. "Putting China On The Silicon Valley Map: NetScreen And Fortinet Founder Ken Xie (Part 1)". sramanamitra.com. 2010-04-21. Retrieved 2017-01-05.
  8. "How I Got Here: Nir Zuk, CTO, Palo Alto Networks". itworld.com. 2010-04-05. Retrieved 2017-01-05.
  9. 1 2 "NetScreen Hires Vice President of Research and Development; Co-Founder Feng Deng Takes on New Role as Chief Strategy Officer". Juniper Networks. Archived from the original on 2012-11-02. Retrieved 2019-01-28.
  10. HighBeam [ dead link ]
  11. Kim Zetter (2015-12-18). "Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors". Wired. wired.com. Retrieved 2017-01-05.
  12. "On the Juniper backdoor". 22 December 2015.
  13. "Juniper Breach Mystery Starts to Clear with New Details on Hackers and U.S. Role". 2 September 2021.