Cisco Launches Code Review Following Juniper Backdoor Disclosure

Cisco has launched an internal review of its networking code following disclosure of a secret back door in rival Juniper's firewall software.

In a blog post Monday, Cisco Systems Inc. (Nasdaq: CSCO) said it has "no indication of unauthorized code in our products," adding, "We have seen none of the indicators discussed in Juniper's disclosure."

Anthony Grieco, senior director of Cisco's security and trust organization, writes that Cisco has a strict "no backdoor" policy. "Our development practices specifically prohibit any intentional behaviors or product features designed to allow unauthorized device or network access, exposure of sensitive device information, or a bypass of security features or restrictions," Grieco says.

Security experts expect other technology companies to be reviewing their code for vulnerabilities following the Juniper disclosure, according to Reuters.

Juniper Networks Inc. (NYSE: JNPR) disclosed the vulnerability on Thursday. The company said it had found a backdoor -- intentionally created access -- in ScreenOS, the operating system for its NetScreen products, used for VPNs, firewalls and traffic shaping, including protection against denial-of-service attacks. The first hack allows unauthorized remote administrative access, and another hack might allow a knowledgeable attacker to decrypt VPN traffic. The FBI is reportedly investigating -- Juniper's customers include the US Department of Defense, US Treasury and FBI itself. (See FBI Investigating Juniper VPN Hack.)

— Mitch Wagner, West Coast Bureau Chief, Light Reading

lanbrown 12/23/2015 | 11:28:09 AM
Re: Hard to recover
Yes. Many things have a backdoor and most of the time, it doesn't end well. The big issue here is that you have a security device that has a backdoor. If Juniper thought that this was a good idea for something that is supposed to be secure, what other poor decisions have they made? Given that you could also see VPN traffic, that is now even worse. Firewalls are deployed in many different areas of a network besides just the edge. It makes you wonder if this backdoor has been used by hackers and information stolen. As I previously stated, there are many companies offering firewalls. Some companies at the next upgrade cycle (or even before) might be looking at anyone but Juniper. This could also hurt Juniper trying to get new business on the firewall front. If Juniper says there are no more backdoors in ScreenOS, what about their other products? Can you really trust them in what they say?
Mitch Wagner 12/23/2015 | 10:19:59 AM
Re: Hard to recover
lanbrown - As a Juniper customer, does this make you trust them less?
lanbrown 12/23/2015 | 1:00:57 AM
Hard to recover
There are many different vendors selling firewalls. With Juniper adding this backdoor in 2012, that is much worse than if it was there since they bought NetScreen. I have used NetScreen firewalls in the past and they had their pros and cons. It will be interesting to see how their sales are going forward.