Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Features 2 Possible NSA backdoor and 2015 "Unauthorized Code" incident 3 NSA and GCHQ 4 Versions 5 References 6 External links

ScreenOS

●Español ●Français ●Русский Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

ScreenOS
Developer	Juniper Networks
Working state	Current
Source model	Closed source
Latest release	6.3.0r27 / 23 April 2019; 5 years ago (2019-04-23)^[1]
License	Proprietary
Succeeded by	Junos OS (on later hardware)

ScreenOS is a real-time embedded operating system for the NetScreen range of hardware firewall devices from Juniper Networks.

Features[edit]

Beside transport level security ScreenOS also integrates these flow management applications:

IP gateway VPN management – ICSA-certified IPSec
IP packet inspection (low level) for protection against TCP/IP attacks
Virtualization for network segmentation

Possible NSA backdoor and 2015 "Unauthorized Code" incident[edit]

In December 2015, Juniper Networks announced that it had found unauthorized code in ScreenOS that had been there since August 2012. The two backdoors it created would allow sophisticated hackers to control the firewall of un-patched Juniper Netscreen products and decrypt network traffic. At least one of the backdoors appeared likely to have been the effort of a governmental interest. There was speculation in the security field about whether it was the NSA.^[2] Many in the security industry praised Juniper for being transparent about the breach.^[2] WIRED speculated that the lack of details that were disclosed and the intentional use of a random number generator with known security flaws could suggest that it was planted intentionally.^[2]

NSA and GCHQ[edit]

A 2011 leaked NSA document says that GCHQ had current exploit capability against the following ScreenOS devices: NS5gt, N25, NS50, NS500, NS204, NS208, NS5200, NS5000, SSG5, SSG20, SSG140, ISG 1000, ISG 2000. The exploit capabilities seem consistent with the program codenamed FEEDTROUGH.^[3]

Versions[edit]

ScreenOS version	Release date	End of Support	End of life
6.3.0r27^[1]	23 April 2019
6.0	19 April 2007	19 April 2010	19 April 2011
5.4	24 July 2006	24 July 2009	24 July 2010
5.3	24 October 2005	24 October 2008	24 October 2009
5.2	11 May 2005	11 May 2008	11 May 2009
5.1	22 October 2004	22 October 2007	22 October 2008
5.0	18 December 2003	18 December 2006	18 December 2007
4.0	1 August 2002	31 October 2006	31 October 2007

References[edit]

^ ^a ^b Release Notes 6.3.0r27 Rev 01

^ ^a ^b ^c Zetter, Kim (27 October 2008). "New Discovery Around Juniper Backdoor Raises More Questions About the Company". WIRED. Retrieved 15 January 2016.

^ Ryan Gallagher, Glenn Greenwald (23 December 2015). "NSA Helped British Spies Find Security Holes In Juniper Firewalls". Retrieved 27 December 2015.

External links[edit]

ScreenOS Software Documentation

v t e Juniper Networks
People	Shaygan Kheradpir Scott Kriens Pradeep Sindhu
Products	M-Series T-Series J-Series E-Series MX-Series ACX-Series PTX-Series EX-Series QFX-Series SRX Series
System software	Junos OS Junos SDK JunosE ScreenOS
Acquisitions (List)	Layer Five ('99) Pacific Advantage Ltd ('00) Micro Magic Inc. ('00) Nexsi Systems ('02) Unisphere Networks ('02) NetScreen Technologies ('04) Kagoor Networks ('05) Peribit Networks ('05) Redline Networks ('05) Acorn Packet Solutions ('05) Funk Software ('05) Ankeena Networks ('10) SMobile Systems ('10) Altor Networks ('10) Brilliant Telecommunications ('11) Mykonos Software ('12) Contrail Systems ('12) Webscreen ('13) WANDL ('13)
Certification	Juniper Networks Technical Certification Program