Can an Intrusion Prevention System (e.g. Snort) prevent CSRF and XSS attacks?



  • I am currently learning about IPS and was wondering about a query that applies to how IPS works. I have knowledge of CSRF and XSS attacks; however, I am unsure if Intrusion Prevention Systems can prevent these attacks, as an IPS aims to block intrusions and operates in-line/in-band. If someone could provide me with further clarification, that would be great, thanks.



  • Intrusion Prevention System is a broad term. It basically says only that it is a system to prevent intrusions and does not imply a specific technical implementation. Therefore a variety of systems which somehow had the goal of preventing intrusions were marketed as IPS when the term was hot. Therefore a generic statement about the capabilities of IPS to solve a specific problem cannot be made.

    As for systems like Snort or Suricata: These basically try to match patterns in the network traffic using predefined fixed signatures. They are capable of parsing HTTP traffic and doing basic analysis on it. These capabilities can be used to create custom patterns to detect specific and pre-known CSRF and XSS attacks. These are not enough for a more generic approach, simply because such attacks cannot be generically detected with simple string matches and regular expressions in the first place.

    Additionally, Suricata and Snort are not capable of analysing HTTPS traffic on their own. This means they must be strategically placed in the network so that they get the unencrypted traffic for analysis.
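Added example, not part of the original answer: a Python sketch of what a fixed-signature inline sensor sees in plaintext HTTP, combining one XSS pattern with one CSRF heuristic (Origin versus Host on state-changing requests). The pattern, the heuristic, the hostnames `shop.example` / `other.example` and all sample requests are constructed for illustration and are not Snort or Suricata rules.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Fixed signature in the spirit of a content/pcre rule (constructed for this example).
XSS_SIG = re.compile(r"<script\b", re.IGNORECASE)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def parse_request(raw):
    """Split a plaintext HTTP/1.1 request into method, target, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def inspect(raw):
    """Return the alerts an inline sensor with these two checks would raise."""
    method, target, headers, body = parse_request(raw)
    alerts = []
    # Signature check: URL-decode target and body, then match the fixed pattern.
    if XSS_SIG.search(unquote_plus(target)) or XSS_SIG.search(unquote_plus(body)):
        alerts.append("xss-signature")
    # CSRF heuristic: state-changing request whose Origin host differs from Host.
    # Without an Origin header there is nothing to compare, so the sensor is silent.
    origin = headers.get("origin")
    if method in STATE_CHANGING and origin:
        if urlsplit(origin).netloc.lower() != headers.get("host", "").lower():
            alerts.append("cross-origin-state-change")
    return alerts


# Constructed sample requests (hostnames are placeholders).
KNOWN_PROBE = ("GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"
               "Host: shop.example\r\n\r\n")
BENIGN_POST = ("POST /forum/reply HTTP/1.1\r\nHost: shop.example\r\n"
               "Origin: https://shop.example\r\n\r\n"
               "text=How+do+I+load+a+%3Cscript+src%3E+tag+asynchronously%3F")
CROSS_ORIGIN = ("POST /account/email HTTP/1.1\r\nHost: shop.example\r\n"
                "Origin: https://other.example\r\n\r\nemail=a%40other.example")
NO_ORIGIN = ("POST /account/email HTTP/1.1\r\nHost: shop.example\r\n\r\n"
             "email=a%40other.example")
```

The benign forum reply raises the same alert as the known probe (a false positive), and the state-changing request without an Origin header raises nothing, because the sensor has no session or token state to judge it by.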


