Editing Juniper Networks (section)

===Security===
[[File:Juniper Networks SRX5800 service gateway and security appliance.jpg|thumb|Juniper Networks SRX5800 service gateway and security appliance]]
Juniper Networks introduced the JProtect security toolkit in May 2003. It included firewalls, flow monitoring, filtering and [[Network Address Translation]] (NAT).<ref>{{cite news|title=Tool Kit Extends Router Security; Juniper lets users determine features|last=Fisher|first=Dennis|newspaper=eWeek|date=June 2, 2003|url=http://www.eweek.com/c/a/Security/Tool-Kit-Extends-Router-Security/|access-date=December 20, 2014}}</ref><ref>{{cite news|last=Dubowski|first=Stefan|newspaper=ComputerWorld Canada|date=Jun 27, 2003|url=http://www.itworldcanada.com/article/juniper-branches-out-with-secure-routers/20537|title=Juniper branches out with secure routers|access-date=December 20, 2014}}</ref> Through the 2004 acquisition of [[NetScreen Technologies]], Juniper acquired the Juniper Secure Meeting product line,<ref>{{cite news|title=Juniper Appliance Guards Conferences|url=http://www.eweek.com/c/a/Messaging-and-Collaboration/Juniper-Appliance-Guards-Conferences/|access-date=May 3, 2015|newspaper=eWeek|date=May 3, 2004|first=Michael|last=Caton}}</ref> as well as [[Remote desktop software|remote desktop access software]].<ref>{{cite news|url=http://www.eweek.com/c/a/Security/SSL-VPNs-Start-Making-Sense/|newspaper=eWeek|first=Andrew|last=Garcia|access-date=December 20, 2014|date=May 10, 2004|title=SSL VPNs Start Making Sense}}</ref> The NetScreen-5GT ADSL security appliance was the first new NetScreen product Juniper introduced after the acquisition<ref name="twentyfour"/> and its first wireless product.<ref>{{cite news|title=Juniper scores with WLAN protector|first=Joel|last=Snyder|newspaper=Network World | date=Mar 7, 2005|url=http://www.networkworld.com/article/2319026/network-security/juniper-scores-with-wlan-protector.html|archive-url=https://web.archive.org/web/20150505063521/http://www.networkworld.com/article/2319026/network-security/juniper-scores-with-wlan-protector.html|url-status=dead|archive-date=May 5, 2015|access-date=December 21, 2014 }}</ref> The first Juniper product intended for small businesses was a remote access appliance that was released in August 2004.<ref>{{cite news|title=Juniper Does SSL for SMBs; Juniper Networks Inc. made a bid last week to dominate the Secure Sockets Layer VPN space among small and midsize businesses with a new line of low-cost appliances|first=Paula|last=Musich|newspaper=eWeek|date=August 23, 2004|url=http://www.eweek.com/c/a/Security/Juniper-Does-SSL-for-SMBs/|access-date=May 4, 2015}}</ref><ref>{{cite news|title=Juniper zeroes in on SMBs, seeks more partners|last=Villano|first=Matt|newspaper=CRN|date=August 16, 2004}}</ref> An open interface for the development of third-party tools for the appliance was made available that September.<ref>{{cite news|title=Juniper Incorporates Third-Party Security; Options focus on endpoint integration|first=Paula|last=Musich|date=September 6, 2004}}</ref>

In September 2004, Juniper entered the market for enterprise access routers with three routers that were the first of the J-series product family. It used the channel partners acquired with NetScreen to take the routers to market.<ref name="twentyfour">{{cite news|title=Juniper Networks' J-Series|first=David|last=Greenfield|newspaper=Network Magazine|date=July 2004}}</ref><ref>{{cite news|title=Juniper J-series could challenge Cisco|first=Jennifer|last=Hagendorf|newspaper=CRN|date=June 21, 2004}}</ref> Juniper released its first dedicated NAC product in late 2005, which was followed by the acquisition of [[Funk Software]] for its NAC capabilities for switches.<ref>{{cite news|title=Juniper to Acquire Funk|last=Roberts|first=Paul|newspaper=eWeek|date=November 21, 2005|url=http://www.eweek.com/c/a/Enterprise-Networking/Juniper-to-Acquire-Funk/|access-date=December 21, 2014}}</ref> According to a 2006 review in ''Network World'', Juniper's SSG 520 firewall and routing product was "the first serious threat" to competing products from Cisco.<ref>{{cite news|title=Juniper/NetScreen deal bears fruit|first=Joel|last=Snyder|newspaper=Network World | date=February 6, 2006|url=https://www.networkworld.com/article/846172/lan-wan-juniper-netscreen-deal-bears-fruit.html|access-date=December 22, 2014}}</ref> Juniper released the SRX family of gateway products in 2008. The gateways sold well, but customers and resellers reported a wide range of technical issues starting in 2010, which Juniper did not acknowledge until 2012, when it began providing updates to the product software.<ref>{{cite news|title=Juniper Partners On SRX Issues: Forgiven But Not Forgotten|date=January 19, 2012|first=Chad|last=Berndtson|url=http://www.crn.com/news/security/232500101/juniper-partners-on-srx-issues-forgiven-but-not-forgotten.htm|newspaper=CRN|access-date=January 10, 2015}}</ref>

In August 2011, Juniper and AT&T announced they would jointly develop the AT&T Mobile Security application based on Juniper's Pulse security software.<ref>{{cite news|title=ATandT Partners With Juniper Networks for Mobile Security Platform|first=Fahmida|last=Rashid|date=August 11, 2011|url=http://www.eweek.com/networking/ATandT-Partners-With-Juniper-Networks-for-Mobile-Security-Platform/|newspaper=eWeek|access-date=December 23, 2014}}</ref> In May 2012, Juniper released a series of new features for the web security software it acquired from Mykonos Software that February. Mykonos' software is focused on deceiving hackers by presenting fake vulnerabilities and tracking their activity.<ref>{{cite news|title=Juniper packs 30 new features into Web security software|first=Jim|last=Duffy|date=May 30, 2012|newspaper=Network World|url=https://www.networkworld.com/article/710174/security-juniper-packs-30-new-features-into-web-security-software.html|access-date=December 22, 2014}}</ref> In January 2014, Juniper announced the Firefly Suite of security and switching products for [[virtual machines]].<ref>{{cite news|url=https://www.networkworld.com/article/685587/virtualization-juniper-announces-firefly-suite-for-virtual-machine-security.html|newspaper=Network World|date=January 16, 2014|access-date=March 27, 2015|first=Ellen|last=Messmer|title=Juniper announces Firefly Suite for virtual-machine security}}</ref> The following month Juniper Networks released several products for "intrusion deception", which create fake files, store incorrect passwords and change network maps in order to confuse hackers that have already penetrated the network perimeter.<ref>{{cite news|date=February 26, 2014|title=Juniper Networks urges companies to be active on cyber defence|first=Hannah|last=Kuchler|url=http://www.ft.com/intl/cms/s/0/2cfd21ee-9e8d-11e3-b429-00144feab7de.html#axzz3MfMPoC5c|archive-url=https://ghostarchive.org/archive/20221211141240/https://www.ft.com/content/2cfd21ee-9e8d-11e3-b429-00144feab7de#axzz3MfMPoC5c|archive-date=December 11, 2022|url-access=subscription|newspaper=Financial Times|access-date=December 22, 2014|url-status=live}}</ref>

[[File:Juniper networks backdoor admin password hidden in code.png|thumb|Marked in yellow: backdoor admin password hidden in the code]]
An analysis of Juniper's [[ScreenOS]] firmware code in December 2015 discovered a backdoor key using [[Dual EC DRBG]] allowing to passively decrypt the traffic encrypted by ScreenOS. This backdoor was inserted in the year 2008 into the versions of ScreenOS from 6.2.0r15 to 6.2.0r18 and from 6.3.0r12 to 6.3.0r20<ref>{{Cite web|title = Researchers confirm backdoor password in Juniper firewall code|url = https://arstechnica.com/security/2015/12/researchers-confirm-backdoor-password-in-juniper-firewall-code/|website = Ars Technica|date = December 21, 2015|access-date = 2016-01-16}}</ref> and gives any user administrative access when using a special master password.<ref>{{Cite web|title = Zagrożenia tygodnia 2015-W52 - Spece.IT|url = https://spece.it/bezpieczenstwo/zagrozenia-tygodnia-2015-w52|website = Spece.IT|date = December 23, 2015|access-date = 2016-01-16|language = pl-PL}}</ref> Some analysts claim that this backdoor still exists in ScreenOS.<ref name="wired-secret-code-in-junipers-firewalls">{{cite magazine | url=https://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors | title=Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors | author=Kim Zetter | magazine=Wired | date=2015-12-18 | access-date=2015-12-25 | archive-url=https://web.archive.org/web/20160604101834/https://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/ | archive-date=2016-06-04 | url-status=live }}</ref> Stephen Checkoway was quoted in Wired that "If this backdoor was not intentional, then, in my opinion, it's an amazing coincidence."<ref name="wired.com">{{cite magazine|url=https://www.wired.com/2016/01/new-discovery-around-juniper-backdoor-raises-more-questions-about-the-company/|title=New Discovery Around Juniper Backdoor Raises More Questions About the Company|date=8 January 2016|magazine=WIRED}}</ref>

In December 2015, Juniper Systems announced that they had discovered "unauthorized code" in the ScreenOS software that underlies their NetScreen devices, present from 2012 onwards. There were two vulnerabilities: One was a simple root password backdoor, and the other one was changing a point in Dual_EC_DRBG so that the attackers presumably had the key to use the preexisting (intentional or unintentional) [[kleptographic]] backdoor in ScreenOS to passively decrypt traffic.<ref>{{cite web|url=http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html|title=A Few Thoughts on Cryptographic Engineering|author=Matthew Green|date=December 22, 2015}}</ref>