Q: Pending the planned replacement of the Dual_EC, do Screen OS devices have sufficient cryptology?
Yes. We believe that the existing code using Dual_EC with self-generated basis points provides sufficient cryptology notwithstanding issues with the second ANSI X.9.31 random number generator. We will replace both Dual_EC and ANSI X9.31 in ScreenOS 6.3.
Q: Can you please outline the process you used to check the Junos OS at a high level?
The process examined Junos OS source code in “hot spots” where one may expect to find code similar to the code found in ScreenOS. The hot spots include VPN code, encryption code, and authentication code. We also inspected our build environments for any evidence of tampering or unauthorized access.
Q: Why did we feel this was an important step to take?
Given the discovery of unauthorized code in one product, it was important to inspect our products running Junos OS for signs of unauthorized code as well as to carefully inspect the source code itself.
Sign up for CIO Asia eNewsletters.