There are two categories of tools that are useful in practical computer (and network) security: firewalls and intrusion detection (and prevention) systems.

Firewalls are rule based and focus on network communication. They ensure proper traffic flows.

Intrusion detection and prevention systems work at a higher level. They monitor user behaviour to try to detect intrusions and can also take actions to prevent the intruders.

Videos

You’ll find the videos directly below. Watch them through FeedBackFruits, this way you can ask questions and start discussions during the videos. You’ll post anonymously.

Videos:

Reading

Chapter 21, focus on 21.4, of Anderson (2008).

Additional reading

RUAG Turla-APT case
Chapter 17 of Gollmann (2011)
Check out the RAID Symposium.
Snort network intrusion-detection system
OSSEC host-based intrusion-detection system
Measuring and circumventing Internet censorship

Related extracurricular reading

Discipline and Punish by the French philosopher Michel Foucault. Warning: It’s a heavy read!

The original French title and the translated Swedish titles are better: “Surveiller et punir” and “Övervakning och straff”, respectively. In English: “Surveillance and punishment”.

It’s more philosophical, providing theoretical tools to reason about the sociological aspects of e.g. preventing insiders from leaking sensitive data. It analyzes various societal institutions, from the prison to military barracks to schools. The book doesn't have a single word about computer science, it's about normative culture and how humans (society) function(s).

References

Anderson, Ross J. 2008. Security Engineering: A Guide to Building Dependable Distributed Systems. 2nd ed. Indianapolis, IN: Wiley. http://www.cl.cam.ac.uk/~rja14/book.html.

Gollmann, Dieter. 2011. Computer Security. 3rd ed. Chichester, West Sussex, U.K.: Wiley.