Network security has become a great concern for network operators. In light of the ongoing proliferation of security attacks by hackers and/or malicious programs (e.g., viruses and worms), many network operators are scrambling for security solutions to fend off unauthorized intrusions. Unfortunately, security measures in existing network architectures are often ineffective against incessant waves of security attacks that are becoming more sophisticated and more damaging. For example, many traditional methods for network access control focus only on user authentication (typically password-based), but tend to ignore a user's security context. Upon passing a simple user authentication, a client device may be permitted to access a network even if the client device lacks an updated security patch or has already been infected by viruses or worms. Such a client device can quickly infect other vulnerable devices in the network or be used by hackers to attack other networks. In addition, existing networks often lack effective countermeasures against potential security threats or existing breaches. Once a corrupted device is attached to a network, no systematic approach is available to detect the corrupted device or to prevent it from compromising the security of the entire network.
In view of the foregoing, it would be desirable to provide a network security solution which overcomes the above-described inadequacies and shortcomings.