
NASA and DoD grilled over their use of compromised Juniper firewalls


January 26, 2016

A group of U.S. government departments and agencies, from the military to NASA, are being heavily criticized over their use of compromised and backdoored Juniper firewalls installed on critical segments of their networks.

The House of Representatives' Committee on Oversight and Government Reform fired off letters to top NASA and Department of Defense officials over the weekend, demanding to know if any of the dodgy NetScreen devices were used in federal systems.

Juniper's ScreenOS software (the firmware that powers its firewalls) was tampered with by mysterious hackers a few years ago to introduce two security vulnerabilities: one was an administrator-level backdoor accessible via Telnet or SSH using a hardcoded password, and the other allowed eavesdroppers to decrypt intercepted VPN traffic.

Those security flaws, which were smuggled into the source code of the firmware, were discovered on December 17, 2015 by Juniper, and security patches were issued three days later to correct those critical bugs.

The backdoor (CVE-2015-7755) affects ScreenOS versions 6.3.0r17 through 6.3.0r20, and the weak VPN encryption (CVE-2015-7756) affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
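For an inventory audit, the version ranges above can be applied to a device list mechanically. The following is an added example, not code from Juniper or the committee; the hostnames and sample inventory are constructed, and it assumes version strings of the form `6.3.0r19`, sending anything else (such as a suffixed build string) to manual review.

```python
import re

# Affected ranges as stated in the article: (release train, first r-build, last r-build)
AFFECTED = {
    "CVE-2015-7755": [((6, 3, 0), 17, 20)],
    "CVE-2015-7756": [((6, 2, 0), 15, 18), ((6, 3, 0), 12, 20)],
}
# Strict match: anything that is not exactly N.N.NrN is treated as unparseable.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)r(\d+)\s*$", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), r_build) or None if the string is not N.N.NrN."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups()[:3]), int(m.group(4))

def cves_for(version_text):
    """Return sorted CVE ids whose stated range covers the version, or None if unparseable."""
    parsed = parse_version(version_text)
    if parsed is None:
        return None
    train, rel = parsed
    return sorted(
        cve for cve, ranges in AFFECTED.items()
        if any(train == t and lo <= rel <= hi for t, lo, hi in ranges)
    )

def triage(inventory):
    """Map each (hostname, version) row to a (status, cves) pair."""
    report = {}
    for host, version in inventory:
        cves = cves_for(version)
        # "not-in-range" only means outside the ranges quoted in the article.
        status = "review" if cves is None else ("affected" if cves else "not-in-range")
        report[host] = (status, cves or [])
    return report

# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE = [
    ("fw-a", "6.3.0r19"), ("fw-b", "6.3.0r14"), ("fw-c", "6.2.0r16"),
    ("fw-d", "6.3.0r21"), ("fw-e", "6.3.0r17b"),
]

if __name__ == "__main__":
    for host, (status, cves) in triage(SAMPLE).items():
        print(host, status, ", ".join(cves))
```
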

The oversight committee has given the departments until February 4 to audit their use of ScreenOS. It's quite a bit to ask, because even the IRS lost track of 1,300 computers still running Windows XP.

The committee, which is worried about the impact of the security holes, wants to know whether any vulnerable devices were used.

It also wants to know what action IT staff took after learning of the security vulnerabilities, and which versions of ScreenOS were used.

Finally, it wants to know exactly when vulnerable devices were patched to address those security issues.

The panel has written to the SEC, the Dept of Agriculture, the General Services Administration, the Department of Commerce, the Department of Labor, the Dept of Energy (which also looks after Uncle Sam's nuclear research), the Dept of Veteran Affairs, the Environmental Protection Agency, the Treasury Department, the Dept of Education, NASA, etc.

It will be interesting to see what the outcome is of all this and the speed at which the various departments respond to the security threats.

Source: The House of Rep. Committee on Oversight and Gov. Reform.
