Network Equipment and Security Company Juniper Networks to Address Malicious Code Found in Firewall
January 11, 2016
Network equipment and security company Juniper Networks has revealed it will address malicious code it found in its firewall. The code was discovered last month and the suspicion is it may have provided the United States’ National Security Agency (NSA) with a means of monitoring Juniper Networks’ customers’ data. The company has suggested that it will upgrade its security software in the first half of 2016.
Juniper Networks, which has headquarters in Sunnyvale, California, United States, has previously found suspicious code in its software. In 2012 it found code that could enable hackers to monitor the connections and activity of its Juniper Netscreen products. In 2014 additional code allowed hackers full access to Juniper Networks’ network.
“In addition to removing the unauthorized code and making patched releases available, Juniper undertook a detailed investigation of ScreenOS and Junos OS® source code,” explained Juniper Networks’ SVP Chief Information Officer Bob Worrall in the company’s blog. “A respected security organization was brought in to assist with this investigation. After a detailed review, there is no evidence of any other unauthorized code in ScreenOS nor have we found any evidence of unauthorized code in Junos OS. The investigation also confirmed that it would be much more difficult to insert the same type of unauthorized code in Junos OS.”
“As a leading provider of high performance networking technology solutions globally for the past 20 years, Juniper Networks is keenly aware of the current and evolving threats to national and economic security around the world. As a proven leader in driving technology innovation, we are also aware that our products will continue to be a target of cyberattacks. We are committed to the integrity, security, and assurance of our products. We have also demonstrated that it is our policy to fix security vulnerabilities when they are found and to notify our customers according to our Security Incident Response Team procedures”, concluded Mr. Worrall’s announcement.
What do you think about this intrusion? Add your comments below.