Data Masking Technology in Network Packet Broker and TAP for Packet Generator from Cloud
What is Data Masking?
Data masking (data desensitization), also called bleaching, data privacy or data distortion, refers to distorting sensitive information through desensitization rules in order to reliably protect sensitive private data. When customer security data or commercially sensitive data are involved, the real data should be modified before it is used for testing, without violating system rules. Personal information such as ID card numbers, mobile phone numbers, card numbers and customer numbers should be desensitized.
There are many examples of data desensitization in everyday life. The most common are train tickets and the consignee addresses used by e-commerce companies, both of which handle sensitive information. Even the face-beautification filters familiar to many women and the mosaics in some videos are forms of desensitization.
Why Do We Need Data Masking?
As stated above, data should be modified "when customer security data or some commercially sensitive data are involved", which means the data to be modified relates to the security of user or enterprise data. Data masking in effect encrypts this data to prevent leakage.
As for the degree of masking, in general, as long as the original information cannot be inferred, no information is leaked. If too much is modified, the data easily loses its original characteristics. In practice, therefore, appropriate desensitization rules must be selected for the actual scenario. Fields to change include the name, ID number, address, mobile phone number, telephone number and other customer-related fields.
How to mask data in NetTAP® Network Packet Brokers and Network Taps?
Depending on the desensitization rules, masking can be divided into recoverable desensitization and non-recoverable desensitization. Recoverable desensitization means that after the data has been converted by the desensitization rules, the original data can be restored through some processing. Conversely, after non-recoverable desensitization, the original data cannot be restored. The two can be regarded as reversible encryption and irreversible encryption respectively.
Privacy Data Masking Technology
On a big data platform, data is usually stored in a structured format. Each table is composed of many rows, and each row is composed of many columns. According to their data properties, columns can generally be divided into the following types:
1- A column that identifies a person, such as an ID number, address, and name.
2- Columns that do not identify an individual on their own, but can potentially identify a person when several of them are combined. These are called semi-identifying columns, such as zip code, birth date and gender. A US study says 87 percent of Americans can be identified using only zip code, birthday and gender information.
3- Columns containing user sensitive information such as transaction amount, illness and income.
4- Other columns that do not contain user sensitive information.
Avoiding privacy data leakage means preventing the people who use the data (data analysts, BI engineers, etc.) from identifying a row of data as a particular person's information.
Data masking techniques, such as removing identifying columns and transforming semi-identifying columns, let data users analyze the (transformed) semi-identifying columns (#2), the sensitive-information columns (#3) and the other columns (#4), while ensuring to a certain extent that they cannot identify users from the data. This strikes a balance between keeping the data secure and maximizing the value of data mining.
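The column-based approach described above, as an added example that is not part of the original article: identifying columns are removed, semi-identifying columns are generalized, and the size of the smallest group of rows sharing the same semi-identifying values (the "k" of k-anonymity) is measured before and after. The column names, the generalization rules and the rows are constructed for illustration.

```python
from collections import Counter

# Column classes follow the list above; names and rows are constructed sample data.
IDENTIFYING = {"name", "id_number"}                 # type 1: removed
SEMI_IDENTIFYING = ("zip", "birth_date", "gender")  # type 2: generalized

ROWS = [
    {"name": "A. Lee",  "id_number": "ID-0001", "zip": "61004", "birth_date": "1985-03-12", "gender": "F", "income": 5200},
    {"name": "B. Chen", "id_number": "ID-0002", "zip": "61007", "birth_date": "1985-11-02", "gender": "F", "income": 4100},
    {"name": "C. Park", "id_number": "ID-0003", "zip": "61002", "birth_date": "1985-07-23", "gender": "F", "income": 6800},
    {"name": "D. Wong", "id_number": "ID-0004", "zip": "61011", "birth_date": "1990-01-15", "gender": "M", "income": 3900},
    {"name": "E. Diaz", "id_number": "ID-0005", "zip": "61019", "birth_date": "1990-06-30", "gender": "M", "income": 7300},
    {"name": "F. Khan", "id_number": "ID-0006", "zip": "61015", "birth_date": "1990-09-09", "gender": "M", "income": 4600},
]

def generalize(row):
    """Drop identifying columns and coarsen the semi-identifying ones."""
    out = {k: v for k, v in row.items() if k not in IDENTIFYING}
    out["zip"] = out["zip"][:3] + "**"        # keep the 3-digit zip prefix
    out["birth_date"] = out["birth_date"][:4]  # keep the birth year only
    return out                                 # type 3/4 columns (income) stay usable

def group_sizes(rows):
    """Count rows per combination of semi-identifying values."""
    return Counter(tuple(r[c] for c in SEMI_IDENTIFYING) for r in rows)

def smallest_group(rows):
    """k: every row is indistinguishable from at least k-1 others."""
    return min(group_sizes(rows).values())

def unique_rows(rows):
    """Rows that zip + birth date + gender alone single out."""
    return sum(1 for n in group_sizes(rows).values() if n == 1)

if __name__ == "__main__":
    masked = [generalize(r) for r in ROWS]
    print("before:", smallest_group(ROWS), "unique:", unique_rows(ROWS))
    print("after: ", smallest_group(masked), "unique:", unique_rows(masked))
```
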
Data Masking Network Packet Broker
1. Substitution: for example, a female user's name is replaced with F. This method works more like a "smoke screen": it fully preserves information integrity for internal personnel, but it is easy to crack.
2. Rearrangement: the serial number 12345 is rearranged into 54321, scrambled in a fixed order. Like substitution, it is convenient for restoring the information when needed, but it is also easy to crack.
3. Encryption: the number 12345 becomes 23456. The degree of security depends on which encryption algorithm is adopted, which in turn generally depends on the actual situation.
4. Truncation: 13811001111 is truncated to 138, giving up necessary information to keep the data ambiguous. It is a common desensitization method, but it is often unfriendly to production use (the field length is lost).
5. Mask: 123456 -> 1xxxx6, which preserves part of the information and keeps the length of the information unchanged, making it easier to identify the information holder, as with the identity information on a train ticket (a common method).
6. Date offset and rounding: 20130520 12:30:45 -> 20130520 12:00:00. Precision is sacrificed to protect the original data.
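The six methods listed above and the recoverable versus non-recoverable distinction made earlier, as an added Python example that is not code from the article or from any NetTAP product. The function names, the demo key and the HMAC-based pseudonym (a non-recoverable option the page does not list) are assumptions for illustration; the digit shift only mirrors the page's 12345 -> 23456 example and is not a secure cipher.

```python
import hashlib
import hmac
from datetime import datetime

# Constructed key for this example only; a real deployment would load it from a secret store.
KEY = b"example-masking-key"

def substitute(value, table):
    """1. Substitution: map a value through a lookup table (recoverable with the table)."""
    return table.get(value, value)

def rearrange(value):
    """2. Rearrangement: reverse the characters; applying it twice restores the input."""
    return value[::-1]

def shift_digits(value, k=1):
    """3. 'Encryption' as in 12345 -> 23456: shift each digit by k modulo 10."""
    return "".join(str((int(c) + k) % 10) if c.isdigit() else c for c in value)

def truncate(value, keep=3):
    """4. Truncation: keep a prefix only; the field length is lost."""
    return value[:keep]

def mask(value, head=1, tail=1, fill="x"):
    """5. Mask: keep head/tail characters and preserve the overall length."""
    if len(value) <= head + tail:  # too short: masking part of it would reveal everything
        return fill * len(value)
    return value[:head] + fill * (len(value) - head - tail) + value[len(value) - tail:]

def round_to_hour(stamp, fmt="%Y%m%d %H:%M:%S"):
    """6. Date rounding: drop minutes and seconds."""
    return datetime.strptime(stamp, fmt).replace(minute=0, second=0).strftime(fmt)

def pseudonymize(value, key=KEY):
    """Non-recoverable token (assumption, not from the page): truncated keyed HMAC-SHA256."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def is_recoverable(forward, inverse, sample):
    """True when inverse(forward(sample)) returns the original value."""
    return inverse(forward(sample)) == sample
```

Rearrangement and the digit shift pass `is_recoverable` with their inverses, while truncation, masking and the keyed pseudonym discard information and cannot be inverted from the output alone.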
What Kind of Network Packet Brokers and Network Taps Support Data Masking?
With the acceleration of carrier broadband construction, the rapid development of 3G, 4G and 5G networks, and the spread of big data and cloud computing technologies, data traffic keeps growing and the bandwidth requirements for backbone and core networks keep increasing. Since 2013, the major operators have been gradually upgrading their backbone networks. The transmission link media of the core backbone network is being expanded from 10G POS and 40G POS links to 100G Ethernet links. This inevitably drives continuous updates to big data collection and analysis technology. In a 100GE link environment with high bandwidth capacity, how to effectively meet the requirements of national security, network security monitoring and operators' intelligent-pipeline DPI data collection and analysis will become a hot spot in the field of data acquisition and analysis.
Chengdu Shuwei Communication has followed the development direction of the Internet and developed the MATRIX-TCA-CG Traffic Acquisition (Traffic Capture) Visibility System, dedicated to traffic collection and visual analysis requirements on 1GE, 10GE, 10G/40G POS, 40GE and 100GE links. The MATRIX-TCA-CG integrates free-steering output functions such as network flow collection/acquisition, aggregation, filtering, forwarding/distribution and load balancing, and provides an efficient solution for flow analysis.
MATRIX-TCA-CG is a network data visualization control device for high-density, high-volume 10G/40G/100G traffic.
MATRIX-TCA-CG is specially designed for data collection on the 10GE, 40GE and 100GE links densely distributed across operators' mobile Internet egress, IDC egress, provincial networks and backbones.
Based on the ATCA standard architecture, MATRIX-TCA-CG offers carrier-grade reliability and strong expandability: functional board cards can be configured smoothly to cope with port demand scenarios of various specifications and sizes.
Network Packet Broker Specification and Module Type
| Component type | Product Model | Basic Parameter | Remarks |
|---|---|---|---|
| Chassis | NTCA-CHS-7U7S-DC | Height: 7U, 7 slots, ATCA Chassis, double star 100G backplane, 3 high voltage DC (240VDC~280VDC) input, 3* 2+1 redundant 3000W power modular | Must choose one |
| | NTCA-CHS-7U7S-AC | Height: 7U, 7 slots, ATCA Chassis, double star 100G backplane, 3 high voltage AC (240VDC~280VDC) input, 3* 2+1 redundant 3000W power modular | |
| Service card | NT-TCA-SCG10 | 100G exchange card, 10*QSFP28 interface | Choose according to actual business needs |
| | NT-TCA-CG10 | 100G service card, 10*QSFP28 interface | |
| | NT-TCA-XG24 | 10G service card, 24*SFP+ interface | |
| | NT-TCA-RTM-CG10 | 100G RTM card, 10*QSFP28 interface | |
| | NT-TCA-RTM-EXG24 | 10G RTM card, 24*SFP+ interface | |
| TCA Visibility Embedded software system | NT-TCA-SOFT-PKG | | must |