Modern data networks may allow a client device to access one or more resources on a network. In certain situations, a client device may attempt to access sensitive resources, such as resources on a corporate network. For example, a client device may attempt to access a file server containing corporate financial data, such as sales records for a company.
Operators of networks may wish to restrict network access unless devices meet certain requirements. For example, a network operator may not want client devices accessing financial data unless the client belongs to a certain finance group. In another example, a network operator many want to allow peer-to-peer instant messaging communication initiated only from devices protected with antivirus software and running personal firewall software. The network operator may wish to use a number of different network policies to control access to a number of different resources on a network. Implementing a number of network policies may cause network administration and network policy enforcement to become very complex. As a result, the network operator may not be able to implement a desired number of policies in the network. Failure to implement adequate network policies may allow a client device to access resources that the client device should not be able to access.