Data Privacy and Data Masking: Difference between revisions

From VoIPmonitor.org
(Review: fix non-existent template Hint to Note)
(Rewrite: consolidate structure, add quick reference table, streamline content)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Configuration]]
[[Category:Configuration]]
{{DISPLAYTITLE:Data Privacy and Data Masking: IP Anonymization and Limitations}}
{{DISPLAYTITLE:Data Privacy and Data Masking}}


VoIPmonitor provides options for data privacy and compliance, particularly for IP address anonymization. However, some data masking requirements (such as phone number masking) have inherent limitations due to system design considerations.
VoIPmonitor provides data privacy features for compliance requirements (GDPR, PCI DSS). This page covers what is supported, what is not, and workarounds.
 
<kroki lang="mermaid">
%%{init: {'flowchart': {'nodeSpacing': 15, 'rankSpacing': 40}}}%%
flowchart TB
    subgraph supported["Supported"]
        IP[IP Anonymization]
        SIP[SIP Response Masking]
        SHARE[On-Demand Sharing]
    end
 
    subgraph unsupported["Not Supported"]
        DID[Phone Number Masking]
        ROLE[Role-Based GUI Masking]
    end
 
    IP --> |"Groups config"| DB[(Database)]
    SIP --> |"voipmonitor.conf"| DB
    DID -.-> |"Breaks CDR filtering"| DB
</kroki>
 
== Quick Reference ==
 
{| class="wikitable"
|-
! Data Type !! Storage Masking !! GUI Masking !! Configuration
|-
| '''IP Addresses''' || Yes || Yes (stored value) || [[Groups#IP_Anonymize_Rewrite_Rules|Groups > IP Anonymize]]
|-
| '''Phone Numbers''' || No || No || Not available (breaks core functionality)
|-
| '''SIP Response Text''' || Yes || Yes || <code>cdr_sip_response_number_max_length</code> in voipmonitor.conf
|}


== IP Address Anonymization ==
== IP Address Anonymization ==


VoIPmonitor includes a robust feature for anonymizing IP addresses at the database storage level. This is useful for privacy compliance (e.g., GDPR) or hiding internal network topology.
Anonymize IP addresses at database storage level for privacy compliance or hiding internal network topology.


For complete configuration details, see [[Groups#IP_Anonymize_Rewrite_Rules|Groups: IP Anonymize Rewrite Rules]].
'''Configuration:''' GUI > Groups > IP Anonymize Rewrite Rules (see [[Groups#IP_Anonymize_Rewrite_Rules|Groups]])


=== Configuration Scope ===
=== Key Points ===


* Applies only to **new data** processed after saving the configuration
* Applies only to '''new data''' after saving configuration
* Existing records in the database are **not** retroactively anonymized
* Existing records are '''not''' retroactively anonymized
* Anonymized values are stored in the database, affecting CDR views, reports, and API responses
* Supports full CIDR notation (0-32) for flexible rewriting
* Can preserve host portion while masking network prefix (1:1 mapping)


=== Anonymization Methods ===
=== Configuration Parameters ===


* Replace specific IPs with anonymized values
{| class="wikitable"
* Anonymize network prefixes while preserving host addresses (1:1 mapping)
|-
* Full CIDR mask support (0-32) for flexible rewriting rules
! Field !! Description
|-
| IP to anonymize || Original IP address or network to match
|-
| Mask (source) || CIDR mask for source (32 = single IP, 24 = /24 network)
|-
| Anonymous IP || Replacement IP to store
|-
| Mask (target) || If same as source, preserves host portion
|}


== Phone Number / DID Masking Limitations ==
== SIP Response Text Masking ==


Masking or anonymizing phone numbers (DIDs) in VoIPmonitor has significant limitations due to system architecture and data usage patterns.
Mask phone numbers appearing in the <code>lastSIPresponse</code> field (e.g., <code>"404 Not Found for 123456789"</code>).


=== Why Phone Number Masking Is Not Supported ===
'''Configuration:''' Set <code>cdr_sip_response_number_max_length</code> in <code>/etc/voipmonitor.conf</code>


Phone numbers (the <code>caller</code> and <code>called</code> fields in CDRs) are fundamental to VoIPmonitor's core functionality:
See [[Sniffer_configuration#cdr_sip_response_number_max_length|Sniffer Configuration]] for details.


* '''CDR Storage:''' The <code>cdr</code> table stores phone numbers as indexed fields used for searching, filtering, and grouping
== On-Demand CDR Sharing with Anonymization ==
* '''CDR Filtering:''' Phone numbers are primary search criteria in the CDR view and reports
* '''Grouping and Statistics:''' Call volume analysis, traffic patterns, and cost calculations all rely on full phone numbers
* '''Trunk Routing Analysis:''' Call routing decisions and trunk utilization metrics depend on complete number patterns
* '''Alert Rules:''' Alert configurations and triggers often match based on phone number patterns


If phone numbers were masked or hashed before storage, these features would not function correctly.
Generate anonymized versions of CDRs and PCAP files for sharing without modifying database records.


=== Potential Alternative: Role-Based GUI Display Masking ===
'''Steps:'''
# Configure anonymization rules in GUI > Groups > IP Anonymize Rewrite Rules
# In CDR view, select the record to share
# Click Menu > '''share CDR > show link (with anonymization)'''
# Download anonymized PCAP from the generated link


'''Role-based masking in the GUI display only is not currently a VoIPmonitor feature.'''
{{Note|1=This applies anonymization only to shared/downloaded data. Original database records remain unchanged.}}


This would involve showing masked values to users based on their permission level while storing complete numbers in the database. This functionality does not yet exist in the current product.
== Phone Number Masking: Why Not Supported ==


=== What IS Possible: Related Features ===
Phone numbers (<code>caller</code>/<code>called</code> fields) are fundamental to VoIPmonitor's core functionality:


While phone number masking for privacy compliance is not available, these related features exist:
* '''CDR Filtering:''' Primary search criteria in CDR view and reports
* '''Statistics:''' Call volume, traffic patterns, cost calculations require full numbers
* '''Alerts:''' Pattern matching in alert rules depends on complete numbers
* '''Routing Analysis:''' Trunk utilization metrics need number patterns


* '''Prefix Lookup:''' A number resolution feature that can display names or labels instead of raw phone numbers in the GUI. Note: This is designed for operational convenience (showing customer names or location codes), **not** data privacy masking.
{{Warning|1=If phone numbers were masked before storage, CDR filtering, grouping, reports, and alerts would not function correctly.}}


{{Note|1=Prefix lookup is not a security feature. The underlying phone numbers are still accessible in the database and cannot be restricted by user role.}}
=== What About Prefix Lookup? ===


* '''SIP Response Text Masking:''' For masking phone numbers that appear in the <code>lastSIPresponse</code> text field (e.g., <code>"404 Not Found for 123456789"</code>), see [[Sniffer_configuration#cdr_sip_response_number_max_length|cdr_sip_response_number_max_length]] in the sniffer configuration.
Prefix Lookup displays names/labels instead of raw numbers in GUI. This is for '''operational convenience''' (showing customer names), '''not''' privacy masking.


== Recommendations for Privacy Compliance ==
{{Note|1=Prefix Lookup is not a security feature. Underlying phone numbers remain accessible in the database.}}


If you require phone number masking for privacy compliance (e.g., GDPR, PCI DSS, or local data protection regulations):
=== Role-Based GUI Masking ===


1. '''Database-Trigger Based Masking:''' Implement database triggers to mask phone numbers during queries or export processes. This preserves full CDR functionality while protecting data in exports.
Role-based display masking (showing masked values based on user permissions while storing complete data) is '''not currently implemented''' in VoIPmonitor.


2. '''Application-Level Masking:''' Build an API proxy or reporting layer that retrieves CDR data from VoIPmonitor and applies role-based masking before presenting data to end users.
== Workarounds for Phone Number Privacy ==


3. '''Separate Database Instances:''' For strict compliance scenarios, consider maintaining a read-only privacy-focused instance of the database with masked data, while using the main VoIPmonitor database for operational analysis.
If you require phone number masking for compliance:


4. '''Consult with Support:''' Contact VoIPmonitor support for guidance on your specific compliance requirements and potential custom solutions.
# '''Database Triggers:''' Implement triggers to mask numbers during queries/exports while preserving full functionality
# '''API Proxy:''' Build a reporting layer that applies masking before presenting data to users
# '''Separate Instance:''' Maintain a privacy-focused read-only database copy with masked data
# '''Contact Support:''' Discuss custom solutions for specific compliance requirements


== Comparison Table ==
== See Also ==


{| class="wikitable"
* [[Groups#IP_Anonymize_Rewrite_Rules|Groups: IP Anonymize Rewrite Rules]]
|-
* [[Sniffer_configuration|Sniffer Configuration]]
! Data Type !! Storage-Level Masking !! GUI Display Masking !! Notes
* [[User_Management|User Management and Access Control]]
|-
| '''IP Addresses''' || ✅ Supported ([[Groups#IP_Anonymize_Rewrite_Rules|IP Anonymize]]) || ✅ Same as storage (stored values are changed) || Affected by anonymization rules in Groups configuration
|-
| '''Phone Numbers (DIDs)''' || ❌ Not available || ❌ Not available || Storage masking prevents CDR filtering/reports; GUI display masking is not implemented
|-
| '''SIP Response Text''' || ✅ Supported ([[Sniffer_configuration#cdr_sip_response_number_max_length|sniffer config]]) || ✅ Same as storage || Configuration in <code>voipmonitor.conf</code> only
|}


== AI Summary for RAG ==
== AI Summary for RAG ==


'''Summary:''' VoIPmonitor provides built-in IP address anonymization at the database storage level via Groups configuration. Phone number masking (DIDs) is not supported because full phone numbers are required for CDR filtering, grouping, statistics, and alert functionality. Role-based GUI display masking for phone numbers is not currently a feature. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security/privacy feature. For strict privacy compliance requiring phone number masking, consider external solutions like database triggers, application-level masking, or separate masked database instances.
'''Summary:''' VoIPmonitor provides IP address anonymization at database storage level via Groups configuration, and SIP response text masking via sniffer config. On-demand CDR sharing feature applies anonymization only to shared data without modifying original records. Phone number (DID) masking is NOT supported because full numbers are required for CDR filtering, statistics, alerts, and routing analysis. Role-based GUI display masking is not implemented. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security feature. For phone number privacy compliance, use external solutions: database triggers, API proxy, or separate masked database instance.


'''Keywords:''' privacy, GDPR, data masking, anonymization, IP address anonymization, phone number masking, DID masking, Prefix Lookup, role-based access control, CDR filtering, compliance, IP anonymization rewrite rules
'''Keywords:''' privacy, GDPR, PCI DSS, data masking, anonymization, IP anonymization, phone number masking, DID masking, Prefix Lookup, CDR filtering, compliance, IP anonymize rewrite rules, on-demand CDR sharing, anonymized pcap, cdr_sip_response_number_max_length


'''Key Questions:'''
'''Key Questions:'''
* Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
* Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
* Does VoIPmonitor support phone number masking for privacy?
* Does VoIPmonitor support phone number masking?
* Why is phone number masking not supported in VoIPmonitor?
* Why is phone number masking not supported?
* What is the difference between Prefix Lookup and phone number masking?
* What is the difference between Prefix Lookup and phone number masking?
* How can I achieve phone number privacy compliance with VoIPmonitor?
* How can I achieve phone number privacy compliance?
* Can I mask numbers stored in the CDR database?
* Does IP anonymization apply to existing records retroactively?
* Is role-based GUI display masking of phone numbers available?
* How do I share a CDR with anonymized data?
* What data masking features are available in VoIPmonitor?
* Can I download anonymized PCAP files?
* Does IP anonymization apply to existing CDR records retroactively?
* Is role-based GUI display masking available?
* How does phone number masking affect CDR filtering and statistics?
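
Review bot: the rewritten "Key Points" list under IP Address Anonymization drops the old bullet "Anonymized values are stored in the database, affecting CDR views, reports, and API responses", and nothing in the new text replaces it; the Quick Reference cell "Yes (stored value)" only hints at it. Suggest restoring that bullet so readers know reports and API consumers also see the rewritten addresses. In the Workarounds list, "Implement triggers to mask numbers during queries/exports" carries over the old ambiguity about which statements the triggers act on; one clause naming the export path would make the item actionable.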

Latest revision as of 16:47, 8 January 2026


VoIPmonitor provides data privacy features for compliance requirements (GDPR, PCI DSS). This page covers what is supported, what is not, and workarounds.

Quick Reference

{| class="wikitable"
|-
! Data Type !! Storage Masking !! GUI Masking !! Configuration
|-
| IP Addresses || Yes || Yes (stored value) || Groups > IP Anonymize
|-
| Phone Numbers || No || No || Not available (breaks core functionality)
|-
| SIP Response Text || Yes || Yes || cdr_sip_response_number_max_length in voipmonitor.conf
|}

IP Address Anonymization

Anonymize IP addresses at database storage level for privacy compliance or hiding internal network topology.

Configuration: GUI > Groups > IP Anonymize Rewrite Rules (see Groups)

Key Points

  • Applies only to new data after saving configuration
  • Existing records are not retroactively anonymized
  • Supports full CIDR notation (0-32) for flexible rewriting
  • Can preserve host portion while masking network prefix (1:1 mapping)

Configuration Parameters

{| class="wikitable"
|-
! Field !! Description
|-
| IP to anonymize || Original IP address or network to match
|-
| Mask (source) || CIDR mask for source (32 = single IP, 24 = /24 network)
|-
| Anonymous IP || Replacement IP to store
|-
| Mask (target) || If same as source, preserves host portion
|}
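
The four fields above, modelled as an added example (not VoIPmonitor's own code) to show what value ends up stored for a given address. Assumptions: rules are evaluated in order and the first match wins, a target mask that differs from the source mask collapses every match to the Anonymous IP, and all addresses and rules below are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RewriteRule:
    ip: str        # "IP to anonymize"
    src_mask: int  # "Mask (source)"
    anon_ip: str   # "Anonymous IP"
    dst_mask: int  # "Mask (target)"


def anonymize(addr: str, rules: list[RewriteRule]) -> str:
    """Return the value that would be stored for addr (first matching rule wins: assumption)."""
    ip = ipaddress.IPv4Address(addr)
    for rule in rules:
        src_net = ipaddress.IPv4Network((rule.ip, rule.src_mask), strict=False)
        if ip not in src_net:
            continue
        if rule.dst_mask == rule.src_mask:
            # 1:1 mapping: replace the network prefix, keep the host bits.
            dst_net = ipaddress.IPv4Network((rule.anon_ip, rule.dst_mask), strict=False)
            host_bits = int(ip) & int(src_net.hostmask)
            return str(ipaddress.IPv4Address(int(dst_net.network_address) | host_bits))
        # Assumption: masks differ, so every matching address becomes the Anonymous IP.
        return rule.anon_ip
    return addr  # no rule matched: stored unchanged


# Constructed sample rules.
RULES = [
    RewriteRule("10.20.0.0", 16, "100.64.0.0", 16),    # prefix hidden, host kept
    RewriteRule("203.0.113.10", 32, "192.0.2.1", 32),  # single IP replaced
    RewriteRule("172.16.0.0", 12, "192.0.2.99", 32),   # whole range collapsed
]

if __name__ == "__main__":
    for sample in ("10.20.5.7", "203.0.113.10", "172.16.9.9", "8.8.8.8"):
        print(f"{sample:>15} -> {anonymize(sample, RULES)}")
```

With equal masks the host bits survive, so two CDRs from the same endpoint still correlate after rewriting; only the network prefix is hidden.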

SIP Response Text Masking

Mask phone numbers appearing in the lastSIPresponse field (e.g., "404 Not Found for 123456789").

Configuration: Set cdr_sip_response_number_max_length in /etc/voipmonitor.conf

See Sniffer Configuration for details.

On-Demand CDR Sharing with Anonymization

Generate anonymized versions of CDRs and PCAP files for sharing without modifying database records.

Steps:

  1. Configure anonymization rules in GUI > Groups > IP Anonymize Rewrite Rules
  2. In CDR view, select the record to share
  3. Click Menu > share CDR > show link (with anonymization)
  4. Download anonymized PCAP from the generated link

ℹ️ Note: This applies anonymization only to shared/downloaded data. Original database records remain unchanged.

Phone Number Masking: Why Not Supported

Phone numbers (caller/called fields) are fundamental to VoIPmonitor's core functionality:

  • CDR Filtering: Primary search criteria in CDR view and reports
  • Statistics: Call volume, traffic patterns, cost calculations require full numbers
  • Alerts: Pattern matching in alert rules depends on complete numbers
  • Routing Analysis: Trunk utilization metrics need number patterns

⚠️ Warning: If phone numbers were masked before storage, CDR filtering, grouping, reports, and alerts would not function correctly.

What About Prefix Lookup?

Prefix Lookup displays names/labels instead of raw numbers in the GUI. This is for operational convenience (showing customer names), not privacy masking.

ℹ️ Note: Prefix Lookup is not a security feature. Underlying phone numbers remain accessible in the database.

Role-Based GUI Masking

Role-based display masking (showing masked values based on user permissions while storing complete data) is not currently implemented in VoIPmonitor.

Workarounds for Phone Number Privacy

If you require phone number masking for compliance:

  1. Database Triggers: Implement triggers to mask numbers during queries/exports while preserving full functionality
  2. API Proxy: Build a reporting layer that applies masking before presenting data to users
  3. Separate Instance: Maintain a privacy-focused read-only database copy with masked data
  4. Contact Support: Discuss custom solutions for specific compliance requirements
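
A sketch of workaround 2, as an added example that is not part of VoIPmonitor: the reporting layer filters on the full stored numbers and masks only the copy it returns, so CDR filtering keeps working. The role names, the keep-last-three-digits policy, the five-digit threshold for numbers inside lastSIPresponse and the sample rows are all assumptions constructed for illustration.

```python
import re

PRIVILEGED_ROLES = {"admin", "fraud-analyst"}  # hypothetical role names
NUMBER_IN_TEXT = re.compile(r"\d{5,}")         # assumption: 5+ digits is a phone number


def mask_number(number: str, keep: int = 3) -> str:
    """Replace all but the last `keep` digits with '*', leaving '+' and separators."""
    to_hide = max(sum(c.isdigit() for c in number) - keep, 0)
    out = []
    for c in number:
        if c.isdigit() and to_hide > 0:
            out.append("*")
            to_hide -= 1
        else:
            out.append(c)
    return "".join(out)


def search_cdrs(rows, called_prefix, role):
    """Filter on the full stored numbers, then mask the copy handed to the user."""
    hits = [r for r in rows if r["called"].startswith(called_prefix)]
    if role in PRIVILEGED_ROLES:
        return [dict(r) for r in hits]
    return [
        {
            **r,
            "caller": mask_number(r["caller"]),
            "called": mask_number(r["called"]),
            # Numbers can also leak through the response text, e.g. "404 Not Found for ...".
            "lastSIPresponse": NUMBER_IN_TEXT.sub(
                lambda m: mask_number(m.group()), r["lastSIPresponse"]
            ),
        }
        for r in hits
    ]


# Constructed sample rows using the field names from this page.
CDRS = [
    {"caller": "+420555010001", "called": "442079460123", "lastSIPresponse": "200 OK"},
    {"caller": "420555010002", "called": "442079460999",
     "lastSIPresponse": "404 Not Found for 442079460999"},
    {"caller": "420555010003", "called": "12025550147", "lastSIPresponse": "486 Busy Here"},
]

if __name__ == "__main__":
    for row in search_cdrs(CDRS, "4420", role="helpdesk"):
        print(row)
```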

See Also

  • Groups: IP Anonymize Rewrite Rules
  • Sniffer Configuration
  • User Management and Access Control

AI Summary for RAG

Summary: VoIPmonitor provides IP address anonymization at database storage level via Groups configuration, and SIP response text masking via sniffer config. On-demand CDR sharing feature applies anonymization only to shared data without modifying original records. Phone number (DID) masking is NOT supported because full numbers are required for CDR filtering, statistics, alerts, and routing analysis. Role-based GUI display masking is not implemented. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security feature. For phone number privacy compliance, use external solutions: database triggers, API proxy, or separate masked database instance.

Keywords: privacy, GDPR, PCI DSS, data masking, anonymization, IP anonymization, phone number masking, DID masking, Prefix Lookup, CDR filtering, compliance, IP anonymize rewrite rules, on-demand CDR sharing, anonymized pcap, cdr_sip_response_number_max_length

Key Questions:

  • Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
  • Does VoIPmonitor support phone number masking?
  • Why is phone number masking not supported?
  • What is the difference between Prefix Lookup and phone number masking?
  • How can I achieve phone number privacy compliance?
  • Does IP anonymization apply to existing records retroactively?
  • How do I share a CDR with anonymized data?
  • Can I download anonymized PCAP files?
  • Is role-based GUI display masking available?