The right monitoring will depend on your network's configuration and on the environment you are comfortable with.
Following the scenario, and as a quick answer, you would probably want to study these concepts in depth, along with how to apply them, since tool recommendations will be very specific to your network and you have not given much information about your network and your services.
IDS, from Wikipedia:
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station
IPS, from Wikipedia:
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it
The use of honeypots is really recommended:
In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, which are then blocked. This is similar to the police baiting a criminal and then conducting undercover surveillance, and finally punishing the criminal.
The SNMP protocol, from Wikipedia:
SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.