Verizon Case Study分析和总结分析和总结.docx

VerizonWasRecklessInItsFailureToTimelyAndEffectivelyActUponMicrosoft’sRepeatedWarningsRegardingThe“Critical”RiskThatTheSlammerWormPosedToTheVerySystemPlatformsThatVerizonEmploys.

AccordingtoVerizon,duringtheweekendofJanuary25,2003,certaincomputersystemsoperatedbyVerizonanditsaffiliatedcompanieswereinfectedbyanInternetcomputervirusknownas“theSlammerWorm.”(Petitionat3-4.)VerizonfurtherstatesthatthevirusexploitedthevulnerabilitiesoftheMicrosoftSQLServer2000andpropagatedsuchhighvolumesoftrafficwithinVerizon?ssystemthatVerizonwasunabletosatisfyitsthreepre-orderwholesalemeasures,specifically,thosesetforthinPAPPO-2-02.(Petitionat3)Afterdescribingtheremedialeffortsitmadeafterlearningoftheinfection(Petitionat4-6),VerizonthencontendsthatVerizoncouldnotbereasonablyexpectedtohavetakentimelypreventativemeasurestoinoculateitssystemsfromtheSlammerWorm.(Petitionat6-8.)

Verizon?scontentionsthatitcouldnothaveanticipatedandtimelyinoculateditsystemsagainsttheSlammerWormvirusarewithoutmerit.Thefactsdemonstratethatthesoftwaremaker,Microsoft,hadissuedrepeatedwarningsformonthsregardingthisvirus.ThewarningsexplicitlyrankedthesecurityrisktothesystemsusedbyVerizonas“critical.”Theusersofsuchsystemswerewarnedto“immediately”inoculatetheirsystemsagainsttheSlammerWorm.Verizontooknoactionformonths.OnlyafterthevirusstruckdidVerizonfinallytakeaction.Verizonhasasubstantialinvestmentinitscomputersystems.Prudencedictatesthatitwouldhavewell-trainedinformationtechnology(IT)managersandthatthesemanagerswouldbealerttovirusessuchastheSlammerWorm,which,asVerizonnotes,attacks“asecurityvulnerabilityinMS[Microsoft]SQLServer2000andMSDE2000.”(Petitionat8.)TheSlammerWormwaswidelyknowntotheITcommunitywellbeforeJanuar