Data Privacy and Data Masking: Difference between revisions

From VoIPmonitor.org
(Add on-demand CDR sharing with anonymization feature)
(Rewrite: consolidate structure, add quick reference table, streamline content)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
[[Category:Configuration]]
[[Category:Configuration]]
{{DISPLAYTITLE:Data Privacy and Data Masking: IP Anonymization and Limitations}}
{{DISPLAYTITLE:Data Privacy and Data Masking}}


VoIPmonitor provides options for data privacy and compliance, particularly for IP address anonymization. However, some data masking requirements (such as phone number masking) have inherent limitations due to system design considerations.
VoIPmonitor provides data privacy features for compliance requirements (GDPR, PCI DSS). This page covers what is supported, what is not, and workarounds.


== IP Address Anonymization ==
<kroki lang="mermaid">
%%{init: {'flowchart': {'nodeSpacing': 15, 'rankSpacing': 40}}}%%
flowchart TB
    subgraph supported["Supported"]
        IP[IP Anonymization]
        SIP[SIP Response Masking]
        SHARE[On-Demand Sharing]
    end
 
    subgraph unsupported["Not Supported"]
        DID[Phone Number Masking]
        ROLE[Role-Based GUI Masking]
    end
 
    IP --> |"Groups config"| DB[(Database)]
    SIP --> |"voipmonitor.conf"| DB
    DID -.-> |"Breaks CDR filtering"| DB
</kroki>
 
== Quick Reference ==


VoIPmonitor includes a robust feature for anonymizing IP addresses at the database storage level. This is useful for privacy compliance (e.g., GDPR) or hiding internal network topology.
{| class="wikitable"
|-
! Data Type !! Storage Masking !! GUI Masking !! Configuration
|-
| '''IP Addresses''' || Yes || Yes (stored value) || [[Groups#IP_Anonymize_Rewrite_Rules|Groups > IP Anonymize]]
|-
| '''Phone Numbers''' || No || No || Not available (breaks core functionality)
|-
| '''SIP Response Text''' || Yes || Yes || <code>cdr_sip_response_number_max_length</code> in voipmonitor.conf
|}


For complete configuration details, see [[Groups#IP_Anonymize_Rewrite_Rules|Groups: IP Anonymize Rewrite Rules]].
== IP Address Anonymization ==


=== Configuration Scope ===
Anonymize IP addresses at database storage level for privacy compliance or hiding internal network topology.


* Applies only to **new data** processed after saving the configuration
'''Configuration:''' GUI > Groups > IP Anonymize Rewrite Rules (see [[Groups#IP_Anonymize_Rewrite_Rules|Groups]])
* Existing records in the database are **not** retroactively anonymized
* Anonymized values are stored in the database, affecting CDR views, reports, and API responses


=== Anonymization Methods ===
=== Key Points ===


* Replace specific IPs with anonymized values
* Applies only to '''new data''' after saving configuration
* Anonymize network prefixes while preserving host addresses (1:1 mapping)
* Existing records are '''not''' retroactively anonymized
* Full CIDR mask support (0-32) for flexible rewriting rules
* Supports full CIDR notation (0-32) for flexible rewriting
* Can preserve host portion while masking network prefix (1:1 mapping)


== Phone Number / DID Masking Limitations ==
=== Configuration Parameters ===


Masking or anonymizing phone numbers (DIDs) in VoIPmonitor has significant limitations due to system architecture and data usage patterns.
{| class="wikitable"
|-
! Field !! Description
|-
| IP to anonymize || Original IP address or network to match
|-
| Mask (source) || CIDR mask for source (32 = single IP, 24 = /24 network)
|-
| Anonymous IP || Replacement IP to store
|-
| Mask (target) || If same as source, preserves host portion
|}


=== Why Phone Number Masking Is Not Supported ===
== SIP Response Text Masking ==


Phone numbers (the <code>caller</code> and <code>called</code> fields in CDRs) are fundamental to VoIPmonitor's core functionality:
Mask phone numbers appearing in the <code>lastSIPresponse</code> field (e.g., <code>"404 Not Found for 123456789"</code>).


* '''CDR Storage:''' The <code>cdr</code> table stores phone numbers as indexed fields used for searching, filtering, and grouping
'''Configuration:''' Set <code>cdr_sip_response_number_max_length</code> in <code>/etc/voipmonitor.conf</code>
* '''CDR Filtering:''' Phone numbers are primary search criteria in the CDR view and reports
* '''Grouping and Statistics:''' Call volume analysis, traffic patterns, and cost calculations all rely on full phone numbers
* '''Trunk Routing Analysis:''' Call routing decisions and trunk utilization metrics depend on complete number patterns
* '''Alert Rules:''' Alert configurations and triggers often match based on phone number patterns


If phone numbers were masked or hashed before storage, these features would not function correctly.
See [[Sniffer_configuration#cdr_sip_response_number_max_length|Sniffer Configuration]] for details.


=== Potential Alternative: Role-Based GUI Display Masking ===
== On-Demand CDR Sharing with Anonymization ==


'''Role-based masking in the GUI display only is not currently a VoIPmonitor feature.'''
Generate anonymized versions of CDRs and PCAP files for sharing without modifying database records.


This would involve showing masked values to users based on their permission level while storing complete numbers in the database. This functionality does not yet exist in the current product.
'''Steps:'''
# Configure anonymization rules in GUI > Groups > IP Anonymize Rewrite Rules
# In CDR view, select the record to share
# Click Menu > '''share CDR > show link (with anonymization)'''
# Download anonymized PCAP from the generated link


=== What IS Possible: Related Features ===
{{Note|1=This applies anonymization only to shared/downloaded data. Original database records remain unchanged.}}


While phone number masking for privacy compliance is not available, these related features exist:
== Phone Number Masking: Why Not Supported ==


* '''Prefix Lookup:''' A number resolution feature that can display names or labels instead of raw phone numbers in the GUI. Note: This is designed for operational convenience (showing customer names or location codes), **not** data privacy masking.
Phone numbers (<code>caller</code>/<code>called</code> fields) are fundamental to VoIPmonitor's core functionality:


{{Note|1=Prefix lookup is not a security feature. The underlying phone numbers are still accessible in the database and cannot be restricted by user role.}}
* '''CDR Filtering:''' Primary search criteria in CDR view and reports
* '''Statistics:''' Call volume, traffic patterns, cost calculations require full numbers
* '''Alerts:''' Pattern matching in alert rules depends on complete numbers
* '''Routing Analysis:''' Trunk utilization metrics need number patterns


* '''SIP Response Text Masking:''' For masking phone numbers that appear in the <code>lastSIPresponse</code> text field (e.g., <code>"404 Not Found for 123456789"</code>), see [[Sniffer_configuration#cdr_sip_response_number_max_length|cdr_sip_response_number_max_length]] in the sniffer configuration.
{{Warning|1=If phone numbers were masked before storage, CDR filtering, grouping, reports, and alerts would not function correctly.}}


* '''On-Demand CDR Sharing with Anonymization:''' You can generate on-demand anonymized versions of CDRs and pcap files for sharing or download. This feature uses the anonymization rules configured in Groups and applies them only to the shared data—the original database records are NOT modified.
=== What About Prefix Lookup? ===
** To use this feature:**
**# Configure anonymization rules in GUI → Settings → Groups → Anonymize IP Rewrite Rules
**# In the CDR view, select the CDR record you want to share
**# From the Menu button, choose '''share CDR → show link (with anonymization)'''
**# This generates a temporary link to the anonymized CDR, from which an anonymized pcap file can also be downloaded


{{Note|1=The on-demand sharing feature applies anonymization rules only to the shared/downloaded data. It does NOT modify the permanent database records or affect the main CDR list view.}}
Prefix Lookup displays names/labels instead of raw numbers in GUI. This is for '''operational convenience''' (showing customer names), '''not''' privacy masking.


== Recommendations for Privacy Compliance ==
{{Note|1=Prefix Lookup is not a security feature. Underlying phone numbers remain accessible in the database.}}


If you require phone number masking for privacy compliance (e.g., GDPR, PCI DSS, or local data protection regulations):
=== Role-Based GUI Masking ===


1. '''Database-Trigger Based Masking:''' Implement database triggers to mask phone numbers during queries or export processes. This preserves full CDR functionality while protecting data in exports.
Role-based display masking (showing masked values based on user permissions while storing complete data) is '''not currently implemented''' in VoIPmonitor.


2. '''Application-Level Masking:''' Build an API proxy or reporting layer that retrieves CDR data from VoIPmonitor and applies role-based masking before presenting data to end users.
== Workarounds for Phone Number Privacy ==


3. '''Separate Database Instances:''' For strict compliance scenarios, consider maintaining a read-only privacy-focused instance of the database with masked data, while using the main VoIPmonitor database for operational analysis.
If you require phone number masking for compliance:


4. '''Consult with Support:''' Contact VoIPmonitor support for guidance on your specific compliance requirements and potential custom solutions.
# '''Database Triggers:''' Implement triggers to mask numbers during queries/exports while preserving full functionality
# '''API Proxy:''' Build a reporting layer that applies masking before presenting data to users
# '''Separate Instance:''' Maintain a privacy-focused read-only database copy with masked data
# '''Contact Support:''' Discuss custom solutions for specific compliance requirements


== Comparison Table ==
== See Also ==


{| class="wikitable"
* [[Groups#IP_Anonymize_Rewrite_Rules|Groups: IP Anonymize Rewrite Rules]]
|-
* [[Sniffer_configuration|Sniffer Configuration]]
! Data Type !! Storage-Level Masking !! GUI Display Masking !! Notes
* [[User_Management|User Management and Access Control]]
|-
| '''IP Addresses''' || ✅ Supported ([[Groups#IP_Anonymize_Rewrite_Rules|IP Anonymize]]) || ✅ Same as storage (stored values are changed) || Affected by anonymization rules in Groups configuration
|-
| '''Phone Numbers (DIDs)''' || ❌ Not available || ❌ Not available || Storage masking prevents CDR filtering/reports; GUI display masking is not implemented
|-
| '''SIP Response Text''' || ✅ Supported ([[Sniffer_configuration#cdr_sip_response_number_max_length|sniffer config]]) || ✅ Same as storage || Configuration in <code>voipmonitor.conf</code> only
|}


== AI Summary for RAG ==
== AI Summary for RAG ==


'''Summary:''' VoIPmonitor provides built-in IP address anonymization at the database storage level via Groups configuration. Additionally, there's an on-demand CDR sharing feature that applies anonymization only to shared/downloaded data without modifying the original database records. Phone number masking (DIDs) is not supported because full phone numbers are required for CDR filtering, grouping, statistics, and alert functionality. Role-based GUI display masking for phone numbers is not currently a feature. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security/privacy feature. For strict privacy compliance requiring phone number masking, consider external solutions like database triggers, application-level masking, or separate masked database instances.
'''Summary:''' VoIPmonitor provides IP address anonymization at database storage level via Groups configuration, and SIP response text masking via sniffer config. On-demand CDR sharing feature applies anonymization only to shared data without modifying original records. Phone number (DID) masking is NOT supported because full numbers are required for CDR filtering, statistics, alerts, and routing analysis. Role-based GUI display masking is not implemented. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security feature. For phone number privacy compliance, use external solutions: database triggers, API proxy, or separate masked database instance.


'''Keywords:''' privacy, GDPR, data masking, anonymization, IP address anonymization, phone number masking, DID masking, Prefix Lookup, role-based access control, CDR filtering, compliance, IP anonymization rewrite rules, on-demand CDR sharing, anonymized pcap download
'''Keywords:''' privacy, GDPR, PCI DSS, data masking, anonymization, IP anonymization, phone number masking, DID masking, Prefix Lookup, CDR filtering, compliance, IP anonymize rewrite rules, on-demand CDR sharing, anonymized pcap, cdr_sip_response_number_max_length


'''Key Questions:'''
'''Key Questions:'''
* Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
* Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
* Does VoIPmonitor support phone number masking for privacy?
* Does VoIPmonitor support phone number masking?
* Why is phone number masking not supported in VoIPmonitor?
* Why is phone number masking not supported?
* What is the difference between Prefix Lookup and phone number masking?
* What is the difference between Prefix Lookup and phone number masking?
* How can I achieve phone number privacy compliance with VoIPmonitor?
* How can I achieve phone number privacy compliance?
* Can I mask numbers stored in the CDR database?
* Does IP anonymization apply to existing records retroactively?
* Is role-based GUI display masking of phone numbers available?
* What data masking features are available in VoIPmonitor?
* Does IP anonymization apply to existing CDR records retroactively?
* How does phone number masking affect CDR filtering and statistics?
* How do I share a CDR with anonymized data?
* How do I share a CDR with anonymized data?
* Can I download anonymized pcap files from VoIPmonitor?
* Can I download anonymized PCAP files?
* What is the difference between storage-level anonymization and on-demand CDR sharing?
* Is role-based GUI display masking available?
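Review bot: the rewritten "IP Address Anonymization" section drops the old Configuration Scope bullet "Anonymized values are stored in the database, affecting CDR views, reports, and API responses", and nothing in the new "Key Points" list replaces it. That bullet is the only place the section says the rewrite changes the stored value everywhere it is read, so consider restoring it as a fifth key point. Separately, the old sharing steps give the path as "GUI → Settings → Groups → Anonymize IP Rewrite Rules" while the new steps give "GUI > Groups > IP Anonymize Rewrite Rules"; confirm which menu path and label the GUI actually shows. In the new diagram, the "On-Demand Sharing" and "Role-Based GUI Masking" nodes have no edges, so either connect them or say in the text why they stand alone.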

Latest revision as of 16:47, 8 January 2026


VoIPmonitor provides data privacy features for compliance requirements (GDPR, PCI DSS). This page covers what is supported, what is not, and workarounds.

Quick Reference

Data Type         | Storage Masking | GUI Masking        | Configuration
IP Addresses      | Yes             | Yes (stored value) | Groups > IP Anonymize
Phone Numbers     | No              | No                 | Not available (breaks core functionality)
SIP Response Text | Yes             | Yes                | cdr_sip_response_number_max_length in voipmonitor.conf

IP Address Anonymization

Anonymize IP addresses at the database storage level, either for privacy compliance or to hide internal network topology.

Configuration: GUI > Groups > IP Anonymize Rewrite Rules (see Groups)

Key Points

  • Applies only to new data after saving configuration
  • Existing records are not retroactively anonymized
  • Supports full CIDR notation (0-32) for flexible rewriting
  • Can preserve host portion while masking network prefix (1:1 mapping)

Configuration Parameters

Field           | Description
IP to anonymize | Original IP address or network to match
Mask (source)   | CIDR mask for source (32 = single IP, 24 = /24 network)
Anonymous IP    | Replacement IP to store
Mask (target)   | If same as source, preserves host portion
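
The following is an added example, not VoIPmonitor code: a Python model of the four rule fields above, showing what "preserves host portion" means and when a rule stays 1:1. The tuple layout, the function names, first-match ordering, and the behaviour when the two masks differ are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules: (IP to anonymize, source mask, anonymous IP, target mask)
RULES = [
    ("203.0.113.7", 32, "10.0.0.1", 32),     # one specific IP -> one fixed value
    ("192.168.10.0", 24, "10.99.0.0", 24),   # same masks: prefix replaced, host kept
]

def rewrite_ip(ip, rules):
    """Return the value that would be stored for `ip`; unchanged if no rule matches."""
    original = ipaddress.IPv4Address(ip)
    for src_ip, src_mask, anon_ip, dst_mask in rules:   # assumption: first match wins
        network = ipaddress.IPv4Network(f"{src_ip}/{src_mask}", strict=False)
        if original not in network:
            continue
        # Assumption: the target mask says how many leading bits come from the
        # anonymous IP; the remaining low bits are carried over from the original.
        low_bits = (1 << (32 - dst_mask)) - 1
        prefix = int(ipaddress.IPv4Address(anon_ip)) & ~low_bits & 0xFFFFFFFF
        return str(ipaddress.IPv4Address(prefix | (int(original) & low_bits)))
    return ip

def is_one_to_one(rule):
    """True if every address in the rule's source network maps to a distinct value."""
    src_ip, src_mask, _, _ = rule
    if src_mask < 16:
        raise ValueError("demo enumerates the network; use a /16 or smaller")
    network = ipaddress.IPv4Network(f"{src_ip}/{src_mask}", strict=False)
    mapped = {rewrite_ip(str(host), [rule]) for host in network}
    return len(mapped) == network.num_addresses

if __name__ == "__main__":
    for sample in ("192.168.10.57", "203.0.113.7", "198.51.100.9"):
        print(sample, "->", rewrite_ip(sample, RULES))
    print(is_one_to_one(RULES[1]), is_one_to_one(("192.168.20.0", 24, "10.0.0.2", 32)))
```

With equal masks the host octet survives the rewrite, so stored values still distinguish individual endpoints and can be correlated across calls; collapsing a network onto a single address removes that, at the cost of per-host troubleshooting.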

SIP Response Text Masking

Mask phone numbers appearing in the lastSIPresponse field (e.g., "404 Not Found for 123456789").

Configuration: Set cdr_sip_response_number_max_length in /etc/voipmonitor.conf

See Sniffer Configuration for details.

On-Demand CDR Sharing with Anonymization

Generate anonymized versions of CDRs and PCAP files for sharing without modifying database records.

Steps:

  1. Configure anonymization rules in GUI > Groups > IP Anonymize Rewrite Rules
  2. In CDR view, select the record to share
  3. Click Menu > share CDR > show link (with anonymization)
  4. Download anonymized PCAP from the generated link

ℹ️ Note: This applies anonymization only to shared/downloaded data. Original database records remain unchanged.

Phone Number Masking: Why Not Supported

Phone numbers (caller/called fields) are fundamental to VoIPmonitor's core functionality:

  • CDR Filtering: Primary search criteria in CDR view and reports
  • Statistics: Call volume, traffic patterns, cost calculations require full numbers
  • Alerts: Pattern matching in alert rules depends on complete numbers
  • Routing Analysis: Trunk utilization metrics need number patterns

⚠️ Warning: If phone numbers were masked before storage, CDR filtering, grouping, reports, and alerts would not function correctly.

What About Prefix Lookup?

Prefix Lookup displays names or labels instead of raw numbers in the GUI. This is for operational convenience (showing customer names), not privacy masking.

ℹ️ Note: Prefix Lookup is not a security feature. Underlying phone numbers remain accessible in the database.

Role-Based GUI Masking

Role-based display masking (showing masked values based on user permissions while storing complete data) is not currently implemented in VoIPmonitor.

Workarounds for Phone Number Privacy

If you require phone number masking for compliance:

  1. Database Triggers: Implement triggers to mask numbers during queries/exports while preserving full functionality
  2. API Proxy: Build a reporting layer that applies masking before presenting data to users
  3. Separate Instance: Maintain a privacy-focused read-only database copy with masked data
  4. Contact Support: Discuss custom solutions for specific compliance requirements
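
A sketch of workaround 2 (the reporting layer), added here as an example and not part of VoIPmonitor: rows keep full numbers in the database, and the layer pseudonymizes caller, called and any long digit run in lastSIPresponse before a non-privileged role sees them. The role names, key handling, prefix length and the sample row are assumptions.

```python
import hashlib
import hmac
import re

PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: read from a secret store in practice
KEEP_PREFIX = 4                          # leading digits left readable for prefix analysis
UNMASKED_ROLES = {"admin"}               # hypothetical role name
LONG_NUMBER = re.compile(r"\d{7,}")      # digit runs long enough to be a phone number

# Constructed sample row using the field names mentioned on this page.
SAMPLE_CDR = {
    "caller": "420123456789",
    "called": "420987654321",
    "lastSIPresponse": "404 Not Found for 420987654321",
}

def pseudonymize(number):
    """Keep the leading digits and replace the rest with stable keyed digits.

    A keyed HMAC is used instead of a plain hash because the space of phone
    numbers is small enough to enumerate if the function were unkeyed.
    """
    digits = re.sub(r"\D", "", number)
    if len(digits) <= KEEP_PREFIX:
        return digits
    mac = hmac.new(PSEUDONYM_KEY, digits.encode(), hashlib.sha256).digest()
    tail_len = len(digits) - KEEP_PREFIX
    tail = str(int.from_bytes(mac, "big")).zfill(tail_len)[-tail_len:]
    return digits[:KEEP_PREFIX] + tail

def mask_cdr(row, role):
    """Return a copy of `row` suitable for `role`; the input row is never modified."""
    out = dict(row)
    if role in UNMASKED_ROLES:
        return out
    for field in ("caller", "called"):
        out[field] = pseudonymize(row[field])
    # Numbers can also leak through free text such as "404 Not Found for <number>".
    out["lastSIPresponse"] = LONG_NUMBER.sub(
        lambda m: pseudonymize(m.group()), row.get("lastSIPresponse", "")
    )
    return out

if __name__ == "__main__":
    print(mask_cdr(SAMPLE_CDR, "admin"))
    print(mask_cdr(SAMPLE_CDR, "operator"))
```

Because the same number always maps to the same pseudonym under one key, exported rows can still be grouped and counted per number without exposing it.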

AI Summary for RAG

Summary: VoIPmonitor provides IP address anonymization at the database storage level via Groups configuration, and SIP response text masking via the sniffer configuration. The on-demand CDR sharing feature applies anonymization only to shared data, without modifying the original records. Phone number (DID) masking is NOT supported because full numbers are required for CDR filtering, statistics, alerts, and routing analysis. Role-based GUI display masking is not implemented. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security feature. For phone number privacy compliance, use external solutions: database triggers, an API proxy, or a separate masked database instance.

Keywords: privacy, GDPR, PCI DSS, data masking, anonymization, IP anonymization, phone number masking, DID masking, Prefix Lookup, CDR filtering, compliance, IP anonymize rewrite rules, on-demand CDR sharing, anonymized pcap, cdr_sip_response_number_max_length

Key Questions:

  • Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
  • Does VoIPmonitor support phone number masking?
  • Why is phone number masking not supported?
  • What is the difference between Prefix Lookup and phone number masking?
  • How can I achieve phone number privacy compliance?
  • Does IP anonymization apply to existing records retroactively?
  • How do I share a CDR with anonymized data?
  • Can I download anonymized PCAP files?
  • Is role-based GUI display masking available?