Privacy

Agent/On Premise

You can apply custom configuration to the Netify agent to anonymize any data that you would prefer not to send up to the Netify cloud. All changes can be made from the command line using an editor of your choice on the Netify configuration file:

/etc/netifyd.conf
Perform these changes on the Netify configuration prior to starting up the Netify service for the first time.

In /etc/netifyd.conf, create a new section for privacy settings if one does not already exist:

    [privacy_filter]
    

Mask WAN IP Addresses

To prevent your WAN IP address(es) from being stored, set the private_external_addresses attribute to true.

        [privacy_filter]
        private_external_addresses = true
    

Obfuscate LAN IP

If you would like to obfuscate one or more LAN IP addresses, use the host attribute:

        [privacy_filter]
        host[0] = 192.168.1.1
        host[1] = 192.168.1.2
        ...
        host[n] = 192.168.1.n
    

Setting this directive will result in any of your listed IP addresses being set to 1.2.3.1 if they are in the local field, and 1.2.3.2 if they occur in the other field.

If you would like to obfuscate an IP, but maintain individuality, use two or more Pattern Matching directives instead (see below).

Obfuscate MAC Address

Similar to the host example above, if you would like to obfuscate one or more MAC addresses, use the mac attribute:

        [privacy_filter]
        mac[0] = a3:c7:43:00:00:00
        mac[1] = a3:c7:43:00:00:01
        ...
        mac[n] = a3:c7:43:00:00:nn
    

Any matching MAC address will be converted to 01:02:03:04:05:06 if it is found in the local MAC field or 0a:0b:0c:0d:0e:0f if it occurs in the other MAC field.

If you would like to obfuscate a MAC, but maintain individuality, use two or more Pattern Matching directives instead (see below).

Pattern Match/Replace

Netify's Pattern Match and Replace engine is a powerful regular expression engine that applies bulk regex statements as a post-processing step before the meta-data is sent to the cloud.

Search strings are case-insensitive. It is recommended you try to keep the format of the data intact. As an example, an IPv4 address of 192.168.1.1 should be replaced with 0.0.0.0, rather than Johnson's Desktop.

        [privacy_filter]
        regex_search[0] = Acme
        regex_replace[0] = A___
    
While the regex engine is much more powerful, it does require more processing power than the other options. Also, it may not be available on all platforms (some embedded devices). Feel free to contact us if you would like more information.

The preceding configuration would replace every occurrence of Acme found or extracted in the meta-data with A___, protecting the identity of the "Acme" organization/brand. Examples include:

  • acme.com
  • Acme.local
  • ACME.DELL.WORKGROUP.LAN
  • acme.sharepoint.microsoft.com
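
A pre-deployment check for Pattern Match directives, added here as an example (it is not Netify code): it parses regex_search/regex_replace pairs from a constructed [privacy_filter] section and applies them case-insensitively to sample strings, so over-matching and missed values show up before the agent starts. It assumes netifyd's regex dialect handles these patterns the way Python's re does, which this page does not state; the `\b` anchors, the 10.0.0.x replacements and the function names are illustrative.

```python
import re

# Constructed sample config (not from a real deployment). One directive per
# address keeps hosts distinguishable ("individuality") after obfuscation.
SAMPLE_CONF = r"""
[privacy_filter]
regex_search[0] = Acme
regex_replace[0] = A___
regex_search[1] = \b192\.168\.1\.1\b
regex_replace[1] = 10.0.0.1
regex_search[2] = \b192\.168\.1\.2\b
regex_replace[2] = 10.0.0.2
"""

DIRECTIVE = re.compile(r"^\s*regex_(search|replace)\[(\d+)\]\s*=\s*(.*?)\s*$")

def load_rules(conf_text):
    """Return [(search, replace), ...] ordered by index, from [privacy_filter]."""
    found, in_section = {}, False
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_section = stripped == "[privacy_filter]"
            continue
        m = DIRECTIVE.match(line)
        if in_section and m:
            found.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    missing = [i for i, d in found.items() if len(d) != 2]
    if missing:
        raise ValueError(f"unpaired regex_search/regex_replace at index {missing}")
    return [(found[i]["search"], found[i]["replace"]) for i in sorted(found)]

def apply_rules(rules, value):
    """Apply each rule in order, case-insensitively, as the page describes."""
    # The lambda keeps the replacement literal (no backreference expansion).
    for search, replace in rules:
        value = re.sub(search, lambda _m, r=replace: r, value, flags=re.IGNORECASE)
    return value

def leaks(rules, samples, secrets):
    """Filtered samples that still contain a sensitive token."""
    out = [apply_rules(rules, s) for s in samples]
    return [o for o in out if any(t.lower() in o.lower() for t in secrets)]

if __name__ == "__main__":
    rules = load_rules(SAMPLE_CONF)
    for s in ["acme.com", "pacmeter.example", "192.168.1.1", "192.168.1.10"]:
        print(f"{s!r:22} -> {apply_rules(rules, s)!r}")
```

The unanchored Acme rule also rewrites unrelated strings that merely contain those letters, while the anchored address rules leave 192.168.1.10 untouched, so any address not covered by its own directive is still sent as-is.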

Portal/Cloud

Once meta-data is sent to the cloud, users may want to annotate and supplement the raw data to make the analysis easier to understand. Fortunately, Netify makes privacy of user-provided data a snap with our no-knowledge encryption and data silos.

No Knowledge

You may recall during the agent provisioning process a step along the way where Netify asked you for a passphrase, similar to the screen capture on the right. If you weren't paying close attention, you may have thought this passphrase when creating an organization was just another security credential - it is that, but much more.

As an example, let's say you wanted to map a device that is showing up in Netify under the MAC address 00-14-22-01-23-45. That's not a particularly easy-to-remember reference, so you create a user who owns the device and assign it to them. In doing so, you've gone from having a fairly anonymous data source (a MAC address) to an association that requires privacy. This is where the organization's encryption passphrase comes in. Whatever user information (e.g. first and last name) is entered in the form is encrypted in your browser, using the key only you have, and then sent to the Netify servers.

Data Silos and Mapping

Netify uses the concept of anonymous data silos to store information. There are four main data stores:

  • Netify Meta-data
  • Netify Archives
  • Client Information
  • Global

Let's deal with the last one first...the global data store contains no personal or network intelligence information at all. It is used across the Netify platform for things like Protocol and Application definitions, MAC vendor information, device hardware types etc.

The Netify Meta-data and Archives contain data that we use to present information to the client in the portal or accessed via the Netify Informatics API.

In this data silo, any information you choose to augment the dataset is encrypted with the passphrase you assigned to the organization on creation. This key is never sent to us, and resides only in the browser you use to access the client portal.

Any additional users who access your organization because you 'shared' it with them also require this passphrase. It is for this reason we encourage you to use a unique passphrase just for this purpose - one that you don't mind sharing with a colleague who needs access to your organization's Netify data.

The checkbox on the login page with the caption "I'm using a public device/computer" is for exactly this reason. If selected, all information - including your hashed passphrase - is removed from local storage upon logout.

Finally, we have the Client Information silo. This data is typical to any cloud-based service, containing your contact information, billing, settings and preferences. It does contain data linking to your Netify Meta-data and Archives, however, the relationship - a unique UUID - is encrypted on this end using the very same key used for the purposes of no-knowledge. This has very important implications - linking (or mapping) client identifying information to the meta-data and analysis pulled from your network can only be re-established through the use of the private key only you have and which is never sent over the network to our servers.
