Beside transport level security ScreenOS also integrates these flow management applications:
In December 2015, Juniper Networks announced that it had found unauthorized code in ScreenOS that had been there since August 2012. The two backdoors it created would allow sophisticated hackers to control the firewall of un-patched Juniper Netscreen products and decrypt network traffic. At least one of the backdoors appeared likely to have been the effort of a governmental interest. There was speculation in the security field about whether it was the NSA.1 Many in the security industry praised Juniper for being transparent about the breach.2 WIRED speculated that the lack of details that were disclosed and the intentional use of a random number generator with known security flaws could suggest that it was planted intentionally.3
A 2011 leaked NSA document says that GCHQ had current exploit capability against the following ScreenOS devices: NS5gt, N25, NS50, NS500, NS204, NS208, NS5200, NS5000, SSG5, SSG20, SSG140, ISG 1000, ISG 2000. The exploit capabilities seem consistent with the program codenamed FEEDTROUGH.4
Zetter, Kim (27 October 2008). "New Discovery Around Juniper Backdoor Raises More Questions About the Company". WIRED. Retrieved 15 January 2016. https://www.wired.com/2016/01/new-discovery-around-juniper-backdoor-raises-more-questions-about-the-company/ ↩
Ryan Gallagher, Glenn Greenwald (23 December 2015). "NSA Helped British Spies Find Security Holes In Juniper Firewalls". Retrieved 27 December 2015. /wiki/Ryan_Gallagher ↩
Release Notes 6.3.0r27 Rev 01 https://www.juniper.net/documentation/software/screenos/screenos6.3.0/rn-630r27-rev01.pdf ↩