The University of SydneyPage 55Network Security ControlsVulnerability and Threat assessmentNetwork Architecture–Network segmentation–Architect for availability–Avoid SPOF (single points of failure)–Encryption•Link encryption•End-to-end encryption•Secure Virtual Private Networks•Public Key Infrastructure and Certificates•SSL and SSHDesign and implementationStrong Authentication–One Time Password–Challenge Response authentication–Kerberos ACLs (Access Control Lists)