January 26, 2016
Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls.
Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies, asking them to provide the committee with a report on whether the Juniper products are in use and in what versions, how the vulnerability was found, and whether it was patched.
The committee has government-wide oversight and investigative responsibilities. Netscreen firewalls are enterprise-grade firewall and VPN appliances that are used in large business and government networks.
On Dec. 17, the networking vendor released an emergency patch for ScreenOS, the operating system that runs on Netscreen appliances. The company said it had discovered “unauthorized code” in ScreenOS that opened the door for the decryption of VPN traffic moving through the appliances. Juniper also found a second backdoor that allows for remote administrative access to Netscreen devices over SSH or telnet.