Data Privacy and Data Masking
VoIPmonitor provides data privacy features for compliance requirements (GDPR, PCI DSS). This page covers what is supported, what is not, and workarounds.
Quick Reference
| Data Type | Storage Masking | GUI Masking | Configuration |
|---|---|---|---|
| IP Addresses | Yes | Yes (stored value) | Groups > IP Anonymize |
| Phone Numbers | No | No | Not available (breaks core functionality) |
| SIP Response Text | Yes | Yes | cdr_sip_response_number_max_length in voipmonitor.conf
|
IP Address Anonymization
Anonymize IP addresses at database storage level for privacy compliance or hiding internal network topology.
Configuration: GUI > Groups > IP Anonymize Rewrite Rules (see Groups)
Key Points
- Applies only to new data after saving configuration
- Existing records are not retroactively anonymized
- Supports full CIDR notation (0-32) for flexible rewriting
- Can preserve host portion while masking network prefix (1:1 mapping)
Configuration Parameters
| Field | Description |
|---|---|
| IP to anonymize | Original IP address or network to match |
| Mask (source) | CIDR mask for source (32 = single IP, 24 = /24 network) |
| Anonymous IP | Replacement IP to store |
| Mask (target) | If same as source, preserves host portion |
SIP Response Text Masking
Mask phone numbers appearing in the lastSIPresponse field (e.g., "404 Not Found for 123456789").
Configuration: Set cdr_sip_response_number_max_length in /etc/voipmonitor.conf
See Sniffer Configuration for details.
On-Demand CDR Sharing with Anonymization
Generate anonymized versions of CDRs and PCAP files for sharing without modifying database records.
Steps:
- Configure anonymization rules in GUI > Groups > IP Anonymize Rewrite Rules
- In CDR view, select the record to share
- Click Menu > share CDR > show link (with anonymization)
- Download anonymized PCAP from the generated link
ℹ️ Note: This applies anonymization only to shared/downloaded data. Original database records remain unchanged.
Phone Number Masking: Why Not Supported
Phone numbers (caller/called fields) are fundamental to VoIPmonitor's core functionality:
- CDR Filtering: Primary search criteria in CDR view and reports
- Statistics: Call volume, traffic patterns, cost calculations require full numbers
- Alerts: Pattern matching in alert rules depends on complete numbers
- Routing Analysis: Trunk utilization metrics need number patterns
⚠️ Warning: If phone numbers were masked before storage, CDR filtering, grouping, reports, and alerts would not function correctly.
What About Prefix Lookup?
Prefix Lookup displays names/labels instead of raw numbers in GUI. This is for operational convenience (showing customer names), not privacy masking.
ℹ️ Note: Prefix Lookup is not a security feature. Underlying phone numbers remain accessible in the database.
Role-Based GUI Masking
Role-based display masking (showing masked values based on user permissions while storing complete data) is not currently implemented in VoIPmonitor.
Workarounds for Phone Number Privacy
If you require phone number masking for compliance:
- Database Triggers: Implement triggers to mask numbers during queries/exports while preserving full functionality
- API Proxy: Build a reporting layer that applies masking before presenting data to users
- Separate Instance: Maintain a privacy-focused read-only database copy with masked data
- Contact Support: Discuss custom solutions for specific compliance requirements
See Also
AI Summary for RAG
Summary: VoIPmonitor provides IP address anonymization at database storage level via Groups configuration, and SIP response text masking via sniffer config. On-demand CDR sharing feature applies anonymization only to shared data without modifying original records. Phone number (DID) masking is NOT supported because full numbers are required for CDR filtering, statistics, alerts, and routing analysis. Role-based GUI display masking is not implemented. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security feature. For phone number privacy compliance, use external solutions: database triggers, API proxy, or separate masked database instance.
Keywords: privacy, GDPR, PCI DSS, data masking, anonymization, IP anonymization, phone number masking, DID masking, Prefix Lookup, CDR filtering, compliance, IP anonymize rewrite rules, on-demand CDR sharing, anonymized pcap, cdr_sip_response_number_max_length
Key Questions:
- Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
- Does VoIPmonitor support phone number masking?
- Why is phone number masking not supported?
- What is the difference between Prefix Lookup and phone number masking?
- How can I achieve phone number privacy compliance?
- Does IP anonymization apply to existing records retroactively?
- How do I share a CDR with anonymized data?
- Can I download anonymized PCAP files?
- Is role-based GUI display masking available?