How to use ntopng in compliance with GDPR


Today the General Data Protection Regulation (GDPR) (EU) 2016/679 is effective in the European Union. GDPR is designed to protect personal data and thus preserve privacy, in particular as specified in articles 13 to 22, and 34. As we manufacture tools for traffic monitoring, we have to make sure that our tools can be used in compliance with GDPR. In particular, we’ve implemented a couple of features that can be useful:

  • If you select “Preferences” from the ntopng menu and click on the “Misc” pane, you can access the preference for masking addresses.
    In essence, you can configure ntopng to hide non-local host information from the screen (or vice versa). This prevents network administrators from being able to visualise the remote hosts a local host is talking with. It hides sensitive information such as the site being contacted or the URL, but still allows you to keep an eye on local network activities (i.e. those that are under your administrative domain).
  • Right to erasure: GDPR requires that at any time a user can ask to delete from the database any information stored about such user. This facility has already been implemented in ntopng, so that network administrators can delete information about specific hosts or MAC addresses at any time. You can do that by selecting “Manage Data” from the preferences menu, which will bring you to the form that implements the GDPR “Right to be Forgotten”.

In the near future we will implement pseudonymization features that hide sensitive information in network data. These features are still in progress and will probably be extended to other components such as nDPI and PF_RING. Stay tuned for details!