

0 replies

Last post Feb 06, 2017 04:24 AM by Yazz idE


    Feb 06, 2017 04:24 AM|Yazz idE

    I'm Yaser from India. I am certified in MCSA (ID F466-4560). I work on IIS Server. In the real world, many web attacks are happening now. In my experience, I have realized that if a website is attacked, the administrator struggles to get the website back to its original state; many times administrators say that they need hours to bring the website back to its original state. During this time, users and customers can't see anything from the websites.

    Basically, I'm a security engineer. I found a solution for this: we are going to bring a NEW FEATURE to our IIS SERVER. It's called the "ROLL-BACK SYSTEM".

    The feature is called ROLL-BACK SYSTEM (RB System). I'm going to explain a demo of my idea.

    At every login we are going to create one exact 'RB Sys backup' of the website.


    Normal case!

    10:30 AM

    The administrator updated the web content.

    10:35 AM

    The attacker compromised the login information and entered the console; the attacker changed the web content, modified the websites and collected information.

    10:45 AM

    The users and customers go to see the websites. This creates a huge problem. The admin tries to get back to the original state; in the normal case the administrator takes hours or more. During this time the company website is not available to users, customers or any other people.

    Well then, our RB System is going to apply here!


    10:30 AM

    The administrator updated the web content (RB Sys backup files created).

    10:35 AM

    The attacker disclosed the login information and entered the console; the attacker changed the web content and modified the websites (RB Sys backup files created).

    10:40 AM

    The admin logs in and tries to get the website back to its original content.

    Here we have created 2 'RB Sys backups' in total. The admin wants to use our feature to bring back the web content (as it was at 10:30 AM). "But it needs one more third-party authentication" (our new authentication console for this project) to access our "Roll-back system". Then the admin succeeds in the authentication process. With a single click the 'Roll back system' special backup file comes up (it needs seconds only), and the next second every user and customer can see our website normally...



    1   New security feature implemented on IIS

    2   No long wait; only seconds are needed to get back to the original state

    3   The roll-back system's database is not on their local system

    4   Administration simplified

    5   Maintains a separate authentication mode (locally or globally)

    6   An attacker needs one more authentication process to touch our RB Systems

    7   By default only two 'RB Sys backups' are maintained





    1. We need to maintain a separate authentication process (all details documented)

    Every aspect of the project is documented here! If you guys are interested, I will explain each module to you separately.

    Thank you

     Yaser vp
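
The timeline and feature list in the post above, modelled as an added example (not part of the original post and not an existing IIS feature): a snapshot is taken at each login, two are retained by default, and restore is gated by a secret separate from the login credential. The class and label names, the HMAC token scheme standing in for the separate authentication console, and the integrity check before restore are assumptions made for this sketch.

```python
import hashlib, hmac, shutil, tempfile
from pathlib import Path

class RollbackStore:
    """Model of the post's RB System: snapshot per login, gated restore."""
    def __init__(self, store_dir, rollback_secret: bytes, keep: int = 2):
        self.store, self.keep = Path(store_dir), keep  # post's default: two
        self.secret = rollback_secret  # assumption: kept off the web server
        self.snapshots = []            # oldest first: (label, path, digest)

    @staticmethod
    def tree_digest(root: Path) -> str:
        h = hashlib.sha256()  # covers relative paths and file contents
        for p in sorted(x for x in root.rglob("*") if x.is_file()):
            h.update(p.relative_to(root).as_posix().encode() + b"\0")
            h.update(p.read_bytes())
        return h.hexdigest()

    def snapshot(self, site_dir, label: str) -> str:
        dest = self.store / label
        shutil.copytree(site_dir, dest)
        self.snapshots.append((label, dest, self.tree_digest(dest)))
        while len(self.snapshots) > self.keep:  # evict the oldest copy
            shutil.rmtree(self.snapshots.pop(0)[1])
        return self.snapshots[-1][2]

    def token_for(self, label: str) -> str:
        # Stand-in for what the separate authentication console would issue
        return hmac.new(self.secret, label.encode(), hashlib.sha256).hexdigest()

    def rollback(self, site_dir, label: str, token: str) -> bool:
        if not hmac.compare_digest(token, self.token_for(label)):
            return False  # separate authentication failed
        hit = [s for s in self.snapshots if s[0] == label]
        if not hit or self.tree_digest(hit[0][1]) != hit[0][2]:
            return False  # snapshot evicted, or altered since it was taken
        shutil.rmtree(site_dir)
        shutil.copytree(hit[0][1], site_dir)
        return True

def demo():
    """Constructed replay of the post's 10:30 / 10:35 / 10:40 timeline."""
    base = Path(tempfile.mkdtemp())
    site = base / "site"
    site.mkdir()
    rb = RollbackStore(base / "rb", b"constructed-rollback-secret")
    (site / "index.html").write_text("original")
    rb.snapshot(site, "1030-admin")
    (site / "index.html").write_text("defaced")
    rb.snapshot(site, "1035-attacker")
    denied = rb.rollback(site, "1030-admin", "stolen-login-password")
    restored = rb.rollback(site, "1030-admin", rb.token_for("1030-admin"))
    return denied, restored, (site / "index.html").read_text()
```

With the default of two retained snapshots, a third login-triggered snapshot evicts the oldest copy, after which `rollback` to that label returns `False`.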