Search
Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs Cisco Partner Summit Digital 2020 Lenovo Tech World Newsroom Dell Technologies World Digital Experience 2020 HPE Zone Masergy Zenith Partner Program Newsroom Intel Partner Connect Digital Newsroom Dell Technologies Newsroom Fortinet Secure Network Hub IBM Newsroom Juniper Newsroom The IoT Integrator Lenovo Channel-First NetApp Data Fabric Intel Tech Provider Zone

Juniper Partners See Uptick In Customer Concerns About Security Vulnerability; Cisco Throws Jabs

Juniper partners tell CRN that more calls are coming in questioning the networking vendor's recent disclosure about its firewall operating system, while Cisco took a swipe its rival.

Juniper partners are receiving more calls from customers concerned about the potential impact from Juniper's discovery last week of a major vulnerability in its firewall operating system through which hackers can decrypt virtual private network (VPN) connections.

"We've had a number of clients asked about it and what they need to do about it," said Dominic Grillo, executive vice president of Atrion Communications, a Branchburg, N.J.-based solution provider and longtime Juniper partner. "They're trying to find out if we as Juniper partners have any more information than what Juniper is releasing publicly, but we don't."

On Dec. 17, Juniper revealed it had found "unauthorized code" affecting devices running ScreenOS -- the operating system for its NetScreen firewall devices. The Sunnyvale, Calif.-based company said a hacker could use it to gain administrative access to NetScreen devices and decrypt VPN connections.

[Related: Juniper Partners Sound Off On Security Vulnerability, Stock Slide]

Although Grillo says he doesn't expect the vulnerability to affect his Juniper business, the news "has definitely got people talking and asking questions."

"We did have one customer that questioned us very hard. Wanted us … to write them a letter ensuing that these things don’t exist in their technology and stuff," said Grillo. "You get some backlash like that."

Partners said Juniper has sent them emails explaining how customers can fix the issue and pointed them toward where they could find more information, but have yet to contact them directly to discuss the matter. Juniper had already released an emergency security patch it created for customers to implement "with the highest priority."

Juniper declined to give any further information regarding the security vulnerability or any guidance it has given to channel partners.

One executive of a solution provider and Juniper Elite partner said his company received only a small numbers of concerns from customers over the past week regarding the Juniper vulnerability, but it heated up Wednesday.

"We've fielded more questions from customers today than any day yet," said the executive, who declined to be identified. "I think since more information keeps coming in, people think it might be getting worse or maybe they're just finding out today about it."

The security vulnerabilities included administrative access vulnerabilities affecting ScreenOS 6.3.0r17 through 6.3.0r20, and VPN decryption vulnerabilities affecting ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.


Because of the Juniper vulnerability disclosure, Cisco says it has started its own code review looking for "similar malicious modification."

"Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience," Anthony Grieco, senior director of Cisco's Security and Trust Organization, in a recent blog post. He added that the investigation was not forced upon Cisco by law enforcement agencies or anyone else, but was Cisco's decision.

The San Jose, Calif.-based networking giant didn't hesitate to throw some jabs at Juniper.

"We have seen none of the indicators discussed in Juniper's disclosure. Our products are the result of rigorous development practices that place security and trust at the fore," said Grieco. "They also receive continuous scrutiny from Cisco engineers, our customers, and third party security researchers, contributing to product integrity and assurance."

Partners said Cisco would "naturally" take some "competitive jabs" at Juniper.

"Even though Cisco might say, 'Hey, we don't implement back doors intentionally' -- one would believe that Juniper may not do that either," said Grillo.

Juniper's stock price took a dive Monday morning, dropping nearly 5 percent, to $27.05. As of 3:30 p.m. Wednesday, shares were slightly up at $27.70.

PUBLISHED DEC. 23, 2015

Back to Top

Video

 

trending stories

sponsored resources