1. DISADVANTAGES OF TRADITIONAL NETWORK DEFENSES We have seen the most widely used attack and defense methods in network security today. This begs the question: why a new method of security? The answer is that the methods mentioned above have disadvantages which cannot be ignored: 1.1. ACCESS CONTROL LISTSSi. Access lists are ideal for performing simple filtering and security for basic networks. However, there are some things to keep in mind when building and implementing them. First, the longer an access list is, the more CPU time it uses. Very long access lists can significantly slow down your router and even impose an appreciable wait time on users trying to access machines on your network. ii. Second, access lists are not dynamic and therefore cannot adapt to changing network or security situations. Therefore, as things become more complex, you may want to reconsider the use of access lists.1.2. FIREWALLi. Firewalls provide a central point of attack and if an intruder breaches the firewall, they can have unrestricted access to the company's network. ii. They can prevent legitimate users from accessing valuable services. For example, enterprise users may not be allowed to access the web, or when working away from home, an enterprise user may not have full access to the organization's network. iii. They do not protect against backdoor attacks and may encourage users to enter and exit through the backdoor, such as modems and floppy disk import/export. This usually happens when service restrictions are severe enough. iv. Firewall systems alone cannot protect the network from contraband, such as when importing or exporting prohibited material through the firewall, such as game programs arriving in coins attached to an email... middle of paper..... .work includes components that can protect network connections in the data center, at the remote site or branch office, as well as on the desktop . Self-Defense Networks can either recommend a configuration or automatically apply a configuration to prevent certain network attacks. A "self-defense network" is a concept that some vendors are seeking to realize, but right now, Cisco is truly leading the game because of its dominant position in the LAN and WAN equipment market. Therefore, all products presented below are primarily manufactured by Cisco. Self-Defense Network Components include the following: • DDoS Mitigation, including DDoS Guard and DDoS Traffic Anomaly Detector • Adaptive Security Appliances (ASA) • Incident Control Service (ICS) • Network Access Control (NAC) • 802.1x • Host intrusion prevention: Security Agent • Security Centralized management