ScreenOS

Developer Juniper Networks
Working state Current
Source model Closed source
Latest release 6.3.0r27 / 23 April 2019 [1]
License Proprietary
Succeeded by Junos OS (on later hardware)

ScreenOS is a real-time embedded operating system for the NetScreen range of hardware firewall devices from Juniper Networks.


Features

Besides transport-level security, ScreenOS also integrates these flow-management applications:

Possible NSA backdoor and 2015 "Unauthorized Code" incident

In December 2015, Juniper Networks announced that it had found unauthorized code in ScreenOS that had been present since August 2012. The code created two backdoors: one would let a sophisticated attacker take control of the firewall on unpatched Juniper NetScreen products, and the other would let the attacker decrypt VPN traffic passing through it. At least one of the backdoors appeared likely to be the work of a government actor, and there was speculation in the security community about whether that actor was the NSA. [2] Many in the security industry praised Juniper for being transparent about the incident. [2] WIRED observed that the lack of detail in Juniper's disclosure, combined with its deliberate use of a random number generator with publicly known weaknesses (Dual_EC_DRBG, which was itself suspected of carrying an NSA backdoor), raised the question of whether the weakness had been planted intentionally. [2]
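The traffic-decryption backdoor rests on how a Dual_EC-style generator can be rigged. The Python below is an added illustration written for this page, not ScreenOS code and not Juniper's implementation: it builds the Dual_EC_DRBG core loop, chooses Q as d*P so that whoever holds d can invert the relationship, and then recovers the generator's internal state from two consecutive outputs and predicts the ones that follow. It generalizes beyond the 2015 incident to the mechanism itself. Assumptions: the curve is secp256k1 (the real DRBG uses NIST P-256), 8 rather than 16 bits of each output are dropped so the brute-force loop stays small, and all function and constant names are this example's own.

```python
"""Toy reconstruction of the Dual_EC_DRBG backdoor mechanism (added example,
not ScreenOS or Juniper code).  Assumptions: the curve is secp256k1 rather
than the NIST P-256 curve the real DRBG uses, and only 8 bits of each
output are truncated instead of 16, so the brute-force loop stays small.
All names below are this example's own."""
import secrets

# secp256k1 domain parameters (standard constants).
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

TRUNC_BITS = 8                           # Dual_EC_DRBG drops the top 16 bits
OUT_MASK = (1 << (256 - TRUNC_BITS)) - 1


def ec_add(p1, p2):
    """Affine group law on y^2 = x^3 + A*x + B over F_p."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:       # p1 == -p2
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def sqrt_mod_p(v):
    """Square root modulo p (valid because p = 3 mod 4); None if v is a non-residue."""
    y = pow(v, (P_MOD + 1) // 4, P_MOD)
    return y if y * y % P_MOD == v % P_MOD else None


def truncate(x):
    return x & OUT_MASK


class DualEC:
    """Core Dual_EC_DRBG loop: s <- x(s*P); r <- x(s*Q); emit r minus its top bits."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_output(self):
        self.s = ec_mul(self.s, self.P)[0]
        return truncate(ec_mul(self.s, self.Q)[0])


def make_backdoored_points():
    """Whoever generates Q as d*P keeps d.  With e = d^-1 mod n, e*Q = P."""
    d = secrets.randbelow(ORDER - 2) + 2
    return G, ec_mul(d, G), pow(d, -1, ORDER)


def recover_state(r1, r2, Q, e):
    """From two consecutive outputs, recover the internal state that produced r2.

    Each candidate for the truncated bits gives a candidate point R = s*Q;
    e*R = s*e*Q = s*P, whose x-coordinate is the next state.  The sign of y
    does not matter because x(e*R) == x(e*(-R)).  The second output r2 filters
    out wrong candidates.
    """
    for hi in range(1 << TRUNC_BITS):
        x = (hi << (256 - TRUNC_BITS)) | r1
        if x >= P_MOD:
            continue
        y = sqrt_mod_p((x * x * x + A * x + B) % P_MOD)
        if y is None:                    # no curve point has this x
            continue
        s_next = ec_mul(e, (x, y))[0]
        if truncate(ec_mul(s_next, Q)[0]) == r2:
            return s_next
    return None


def demo(seed=None):
    """Victim emits two outputs; attacker recovers state and predicts the next three."""
    P, Q, e = make_backdoored_points()
    victim = DualEC(seed or secrets.randbelow(ORDER - 1) + 1, P, Q)
    r1, r2 = victim.next_output(), victim.next_output()
    s = recover_state(r1, r2, Q, e)
    if s is None:
        return False
    clone = DualEC(s, P, Q)
    return [clone.next_output() for _ in range(3)] == [victim.next_output() for _ in range(3)]


if __name__ == "__main__":
    print("state recovered and next outputs predicted:", demo())
```

Run it as a script or import it; `demo()` returns True when the clone's next three outputs match the victim's. In the real generator the search covers 2^16 candidates per output, which is still cheap, so one 30-byte output plus a second one to confirm is enough to predict every nonce and key subsequently drawn from the DRBG. Published analyses of the 2015 incident found that the unauthorized code changed the Q constant in ScreenOS; the loop above shows why swapping that single constant is sufficient for an attacker who can observe the VPN traffic.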

NSA and GCHQ

A leaked NSA document from 2011, published in December 2015, states that GCHQ had current exploit capability against the following ScreenOS devices: NS5gt, N25, NS50, NS500, NS204, NS208, NS5200, NS5000, SSG5, SSG20, SSG140, ISG 1000, ISG 2000. These capabilities appear consistent with the NSA tool codenamed FEEDTROUGH. [3]

Versions

ScreenOS version | Release date | End of support | End of life
6.3.0r27 [1] | 23 April 2019 | |
6.0 | 19 April 2007 | 19 April 2010 | 19 April 2011
5.4 | 24 July 2006 | 24 July 2009 | 24 July 2010
5.3 | 24 October 2005 | 24 October 2008 | 24 October 2009
5.2 | 11 May 2005 | 11 May 2008 | 11 May 2009
5.1 | 22 October 2004 | 22 October 2007 | 22 October 2008
5.0 | 18 December 2003 | 18 December 2006 | 18 December 2007
4.0 | 1 August 2002 | 31 October 2006 | 31 October 2007


References

  1. "Release Notes 6.3.0r27 Rev 01". Juniper Networks.
  2. Zetter, Kim (8 January 2016). "New Discovery Around Juniper Backdoor Raises More Questions About the Company". WIRED. Retrieved 15 January 2016.
  3. Gallagher, Ryan; Greenwald, Glenn (23 December 2015). "NSA Helped British Spies Find Security Holes In Juniper Firewalls". The Intercept. Retrieved 27 December 2015.