1.8 Ensure Retired JUNOS Devices are Disposed of Securely

Information

JUNOS Devices must be disposed of securely

Rationale:

As with all systems, there will come a point where a JUNOS Device has reached the end of its service and must either be redeployed, recycled or disposed of.

JUNOS Devices used in production will typically contain a significant store of sensitive information, which may include:

Configuration details about your network and services

Sensitive or Personal data traversing the network, stored in packet captures, trace output or log files

Hashed Passwords and Shared Secrets for users, management platforms or Virtual Private Networks

Encryption Keys and other sensitive keying material used for IPSEC VPNs, X.509 Certificates or other uses

Attackers may attempt to gain information on potential targets or sensitive data by acquiring retired network devices and servers through theft, recycling services or online auctions. It is not uncommon to purchase used JUNOS Devices on sites like eBay and find that the old configuration, encryption keys, licenses and other details are still present.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To ensure that sensitive data is not lost when disposing of or redeploying retired JUNOS Devices, it is essential that the system be fully zeroized. This process returns the system to its original factory default state, with no root password set and all configuration, backups, user-specified options, encryption keys, etc. deleted.
To zeroize a JUNOS Device, log in as a user with the maintenance permission or as root and issue the following command from Operational Mode:

root@host> request system zeroize media

The media option used above also undertakes a process to securely 'scrub' onboard memory and persistent media (such as flash, HDDs or SSDs) using a method equivalent to 'clearing' as specified in NIST SP 800-88. Using the media option will take significantly more time, as it repeatedly overwrites every area of storage with random data, but is strongly recommended for all devices where the option is supported.
An increasing number of JUNOS Devices, such as the PTX5000 Series and some MX Series routers, utilize a Disaggregated JUNOS Operating System, which hosts JUNOS as a Virtual Machine and abstracts it from the physical Routing Engine hardware. In some instances the request system zeroize command will zeroize the Guest JUNOS VM only, and not the underlying Host OS. For these platforms the following command should be used from Operational Mode:

root@host> request vmhost zeroize

This command will clear both the JUNOS VM and the Host OS.
When some devices, such as EX or QFX Series, are deployed in Cluster, HA or Virtual Chassis environments, the request system zeroize media command may be ignored or may operate on only the local node, so it will need to be issued individually on each device being disposed of.
Check the current documentation for the request system zeroize command for your platform to ensure that all options are correctly specified and that the operation performs as intended.
Where possible, devices which are being 'returned to base' from a deployment using third parties for transport should be zeroized before shipping.
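The benchmark itself offers no automated check for this control, and Nessus does not perform one. The following Python script is an added example, not part of the CIS benchmark or any Tenable plugin: it inspects a saved 'show configuration' snapshot taken from a device that is about to leave your custody and reports the classes of residual sensitive material the Rationale lists (hashed passwords, obfuscated shared secrets, SSH keys) plus any stanza that a factory-default system would not carry. The two configuration snapshots, the host name, addresses and every secret string are constructed placeholders; the assumption that a zeroized device boots with only a minimal 'system' stanza and no 'root-authentication' is an approximation that may need adjusting per platform.

```python
"""Pre-disposal check of a Junos configuration snapshot for residual secrets.

Added example, not CIS or Tenable code. Sample configurations and all
secret-looking values are constructed placeholders.
"""
import re
from typing import Dict, List, Set

# Ordered: the first matching pattern on a line wins. group(1) is the value to
# redact in the report so the report itself never carries the secret.
SENSITIVE_PATTERNS = {
    "junos-obfuscated-secret": re.compile(r'"(\$9\$[^"]+)"'),
    "password-hash": re.compile(r'"(\$(?:1|5|6)\$[^"]+)"'),
    "ssh-public-key": re.compile(
        r'"((?:ssh-(?:rsa|ed25519)|ecdsa-sha2-nistp\d+) [^"]+)"'),
    "pem-private-key": re.compile(r'(-----BEGIN [A-Z ]*PRIVATE KEY-----)'),
    "secret-data-marker": re.compile(r'(## SECRET-DATA)\s*$'),  # catch-all
}
ROOT_AUTH = re.compile(r'^\s*root-authentication\s*\{')
TOP_LEVEL_STANZA = re.compile(r'^([a-z][\w-]*)\s*\{\s*$')  # no indentation

# Assumption: after zeroize only the default 'system' (syslog) stanza remains.
FACTORY_STANZAS = {"system"}

# Constructed snapshot of a device pulled from production WITHOUT zeroizing.
RETIRED_CONFIG = """\
system {
    host-name edge-rtr-01;
    root-authentication {
        encrypted-password "$6$abc123$EXAMPLEHASHEXAMPLEHASHEXAMPLEHASH"; ## SECRET-DATA
    }
    login {
        user netops {
            class super-user;
            authentication {
                encrypted-password "$1$zzzzzzzz$EXAMPLEHASHEXAMPLE"; ## SECRET-DATA
                ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EEXAMPLEKEY netops@jump"; ## SECRET-DATA
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.0.2.1/30;
            }
        }
    }
}
security {
    ike {
        policy ike-to-branch {
            pre-shared-key ascii-text "$9$EXAMPLEOBFUSCATEDSECRET"; ## SECRET-DATA
        }
    }
}
protocols {
    bgp {
        group upstream {
            authentication-key "$9$ANOTHEREXAMPLE"; ## SECRET-DATA
        }
    }
}
snmp {
    community public-ro {
        authorization read-only;
    }
}
"""

# Constructed snapshot of what a zeroized device shows at first login.
FACTORY_CONFIG = """\
system {
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
    }
}
"""


def find_residual_secrets(config_text: str) -> List[Dict[str, object]]:
    """Return one redacted finding per line carrying sensitive material."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for kind, pattern in SENSITIVE_PATTERNS.items():
            match = pattern.search(line)
            if match:
                context = line.replace(match.group(1), "<redacted>").strip()
                findings.append({"line": lineno, "kind": kind, "context": context})
                break
    return findings


def top_level_stanzas(config_text: str) -> Set[str]:
    """Names of unindented 'name {' blocks, e.g. system, interfaces, snmp."""
    return {m.group(1) for m in map(TOP_LEVEL_STANZA.match,
                                    config_text.splitlines()) if m}


def assess_for_disposal(config_text: str) -> Dict[str, object]:
    """Combine the checks into a verdict: safe to ship only if factory_default."""
    findings = find_residual_secrets(config_text)
    unexpected = sorted(top_level_stanzas(config_text) - FACTORY_STANZAS)
    root_set = any(ROOT_AUTH.match(l) for l in config_text.splitlines())
    return {
        "findings": findings,
        "unexpected_stanzas": unexpected,
        "root_password_set": root_set,
        "factory_default": not findings and not unexpected and not root_set,
    }


if __name__ == "__main__":
    for name, cfg in (("retired", RETIRED_CONFIG), ("factory", FACTORY_CONFIG)):
        report = assess_for_disposal(cfg)
        print(f"{name}: factory_default={report['factory_default']} "
              f"root_password_set={report['root_password_set']} "
              f"unexpected_stanzas={report['unexpected_stanzas']}")
        for f in report["findings"]:
            print(f"  line {f['line']:>3} {f['kind']:<25} {f['context']}")
```

Feed it the output of 'show configuration | no-more' captured after zeroize and before the device is handed to a courier or recycler; a non-empty findings list or an unexpected stanza means the zeroize did not run, ran on only one Virtual Chassis member, or cleared the guest VM but not the host. The script only sees the active configuration, so it is evidence that the procedure above completed, not a substitute for the 'media' scrub of backups, logs and keying material on flash.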

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|11

Plugin: Juniper

Control ID: 61bc51af4b530ec36abf2e409ec7b8b733681df54d5b881ef81e785ce598a4d9