Data Privacy and Data Masking: Difference between revisions
(Review: oprava neexistující šablony Hint na Note) |
(Add on-demand CDR sharing with anonymization feature) |
||
| Line 53: | Line 53: | ||
* '''SIP Response Text Masking:''' For masking phone numbers that appear in the <code>lastSIPresponse</code> text field (e.g., <code>"404 Not Found for 123456789"</code>), see [[Sniffer_configuration#cdr_sip_response_number_max_length|cdr_sip_response_number_max_length]] in the sniffer configuration. | * '''SIP Response Text Masking:''' For masking phone numbers that appear in the <code>lastSIPresponse</code> text field (e.g., <code>"404 Not Found for 123456789"</code>), see [[Sniffer_configuration#cdr_sip_response_number_max_length|cdr_sip_response_number_max_length]] in the sniffer configuration. | ||
* '''On-Demand CDR Sharing with Anonymization:''' You can generate on-demand anonymized versions of CDRs and pcap files for sharing or download. This feature uses the anonymization rules configured in Groups and applies them only to the shared data—the original database records are NOT modified. | |||
** To use this feature:** | |||
**# Configure anonymization rules in GUI → Settings → Groups → Anonymize IP Rewrite Rules | |||
**# In the CDR view, select the CDR record you want to share | |||
**# From the Menu button, choose '''share CDR → show link (with anonymization)''' | |||
**# This generates a temporary link to the anonymized CDR, from which an anonymized pcap file can also be downloaded | |||
{{Note|1=The on-demand sharing feature applies anonymization rules only to the shared/downloaded data. It does NOT modify the permanent database records or affect the main CDR list view.}} | |||
== Recommendations for Privacy Compliance == | == Recommendations for Privacy Compliance == | ||
| Line 81: | Line 90: | ||
== AI Summary for RAG == | == AI Summary for RAG == | ||
'''Summary:''' VoIPmonitor provides built-in IP address anonymization at the database storage level via Groups configuration. Phone number masking (DIDs) is not supported because full phone numbers are required for CDR filtering, grouping, statistics, and alert functionality. Role-based GUI display masking for phone numbers is not currently a feature. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security/privacy feature. For strict privacy compliance requiring phone number masking, consider external solutions like database triggers, application-level masking, or separate masked database instances. | '''Summary:''' VoIPmonitor provides built-in IP address anonymization at the database storage level via Groups configuration. Additionally, there's an on-demand CDR sharing feature that applies anonymization only to shared/downloaded data without modifying the original database records. Phone number masking (DIDs) is not supported because full phone numbers are required for CDR filtering, grouping, statistics, and alert functionality. Role-based GUI display masking for phone numbers is not currently a feature. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security/privacy feature. For strict privacy compliance requiring phone number masking, consider external solutions like database triggers, application-level masking, or separate masked database instances. | ||
'''Keywords:''' privacy, GDPR, data masking, anonymization, IP address anonymization, phone number masking, DID masking, Prefix Lookup, role-based access control, CDR filtering, compliance, IP anonymization rewrite rules | '''Keywords:''' privacy, GDPR, data masking, anonymization, IP address anonymization, phone number masking, DID masking, Prefix Lookup, role-based access control, CDR filtering, compliance, IP anonymization rewrite rules, on-demand CDR sharing, anonymized pcap download | ||
'''Key Questions:''' | '''Key Questions:''' | ||
| Line 96: | Line 105: | ||
* Does IP anonymization apply to existing CDR records retroactively? | * Does IP anonymization apply to existing CDR records retroactively? | ||
* How does phone number masking affect CDR filtering and statistics? | * How does phone number masking affect CDR filtering and statistics? | ||
* How do I share a CDR with anonymized data? | |||
* Can I download anonymized pcap files from VoIPmonitor? | |||
* What is the difference between storage-level anonymization and on-demand CDR sharing? | |||
Revision as of 20:56, 6 January 2026
VoIPmonitor provides options for data privacy and compliance, particularly for IP address anonymization. However, some data masking requirements (such as phone number masking) have inherent limitations due to system design considerations.
IP Address Anonymization
VoIPmonitor includes a robust feature for anonymizing IP addresses at the database storage level. This is useful for privacy compliance (e.g., GDPR) or hiding internal network topology.
For complete configuration details, see Groups: IP Anonymize Rewrite Rules.
Configuration Scope
- Applies only to **new data** processed after saving the configuration
- Existing records in the database are **not** retroactively anonymized
- Anonymized values are stored in the database, affecting CDR views, reports, and API responses
Anonymization Methods
- Replace specific IPs with anonymized values
- Anonymize network prefixes while preserving host addresses (1:1 mapping)
- Full CIDR mask support (0-32) for flexible rewriting rules
Phone Number / DID Masking Limitations
Masking or anonymizing phone numbers (DIDs) in VoIPmonitor has significant limitations due to system architecture and data usage patterns.
Why Phone Number Masking Is Not Supported
Phone numbers (the caller and called fields in CDRs) are fundamental to VoIPmonitor's core functionality:
- CDR Storage: The
cdrtable stores phone numbers as indexed fields used for searching, filtering, and grouping - CDR Filtering: Phone numbers are primary search criteria in the CDR view and reports
- Grouping and Statistics: Call volume analysis, traffic patterns, and cost calculations all rely on full phone numbers
- Trunk Routing Analysis: Call routing decisions and trunk utilization metrics depend on complete number patterns
- Alert Rules: Alert configurations and triggers often match based on phone number patterns
If phone numbers were masked or hashed before storage, these features would not function correctly.
Potential Alternative: Role-Based GUI Display Masking
Role-based masking in the GUI display only is not currently a VoIPmonitor feature.
This would involve showing masked values to users based on their permission level while storing complete numbers in the database. This functionality does not yet exist in the current product.
What IS Possible: Related Features
While phone number masking for privacy compliance is not available, these related features exist:
- Prefix Lookup: A number resolution feature that can display names or labels instead of raw phone numbers in the GUI. Note: This is designed for operational convenience (showing customer names or location codes), **not** data privacy masking.
ℹ️ Note: Prefix lookup is not a security feature. The underlying phone numbers are still accessible in the database and cannot be restricted by user role.
- SIP Response Text Masking: For masking phone numbers that appear in the
lastSIPresponsetext field (e.g.,"404 Not Found for 123456789"), see cdr_sip_response_number_max_length in the sniffer configuration.
- On-Demand CDR Sharing with Anonymization: You can generate on-demand anonymized versions of CDRs and pcap files for sharing or download. This feature uses the anonymization rules configured in Groups and applies them only to the shared data—the original database records are NOT modified.
- To use this feature:**
- Configure anonymization rules in GUI → Settings → Groups → Anonymize IP Rewrite Rules
- In the CDR view, select the CDR record you want to share
- From the Menu button, choose share CDR → show link (with anonymization)
- This generates a temporary link to the anonymized CDR, from which an anonymized pcap file can also be downloaded
- To use this feature:**
ℹ️ Note: The on-demand sharing feature applies anonymization rules only to the shared/downloaded data. It does NOT modify the permanent database records or affect the main CDR list view.
Recommendations for Privacy Compliance
If you require phone number masking for privacy compliance (e.g., GDPR, PCI DSS, or local data protection regulations):
1. Database-Trigger Based Masking: Implement database triggers to mask phone numbers during queries or export processes. This preserves full CDR functionality while protecting data in exports.
2. Application-Level Masking: Build an API proxy or reporting layer that retrieves CDR data from VoIPmonitor and applies role-based masking before presenting data to end users.
3. Separate Database Instances: For strict compliance scenarios, consider maintaining a read-only privacy-focused instance of the database with masked data, while using the main VoIPmonitor database for operational analysis.
4. Consult with Support: Contact VoIPmonitor support for guidance on your specific compliance requirements and potential custom solutions.
Comparison Table
| Data Type | Storage-Level Masking | GUI Display Masking | Notes |
|---|---|---|---|
| IP Addresses | ✅ Supported (IP Anonymize) | ✅ Same as storage (stored values are changed) | Affected by anonymization rules in Groups configuration |
| Phone Numbers (DIDs) | ❌ Not available | ❌ Not available | Storage masking prevents CDR filtering/reports; GUI display masking is not implemented |
| SIP Response Text | ✅ Supported (sniffer config) | ✅ Same as storage | Configuration in voipmonitor.conf only
|
AI Summary for RAG
Summary: VoIPmonitor provides built-in IP address anonymization at the database storage level via Groups configuration. Additionally, there's an on-demand CDR sharing feature that applies anonymization only to shared/downloaded data without modifying the original database records. Phone number masking (DIDs) is not supported because full phone numbers are required for CDR filtering, grouping, statistics, and alert functionality. Role-based GUI display masking for phone numbers is not currently a feature. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security/privacy feature. For strict privacy compliance requiring phone number masking, consider external solutions like database triggers, application-level masking, or separate masked database instances.
Keywords: privacy, GDPR, data masking, anonymization, IP address anonymization, phone number masking, DID masking, Prefix Lookup, role-based access control, CDR filtering, compliance, IP anonymization rewrite rules, on-demand CDR sharing, anonymized pcap download
Key Questions:
- Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
- Does VoIPmonitor support phone number masking for privacy?
- Why is phone number masking not supported in VoIPmonitor?
- What is the difference between Prefix Lookup and phone number masking?
- How can I achieve phone number privacy compliance with VoIPmonitor?
- Can I mask numbers stored in the CDR database?
- Is role-based GUI display masking of phone numbers available?
- What data masking features are available in VoIPmonitor?
- Does IP anonymization apply to existing CDR records retroactively?
- How does phone number masking affect CDR filtering and statistics?
- How do I share a CDR with anonymized data?
- Can I download anonymized pcap files from VoIPmonitor?
- What is the difference between storage-level anonymization and on-demand CDR sharing?