User name pseudonymization

Applies to NAM 2018
Use this screen to control who can see user names in NAM reports.

Access alternatives:

  • Click the dashboard icon at the top of the NAM Console screen and click the User name pseudonymization tile
  • Open the NAM Console menu and select Security ► User name pseudonymization

Important: This functionality is available only on NAM Probe release 18.0 or later. You cannot configure earlier NAM Probes for user name pseudonymization.

Overview

Starting with NAM release 2018, you can make NAM user name encryption part of a pseudonymization initiative.

As described under the EU General Data Protection Regulation (GDPR), pseudonymization is "the processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution."

For information about NAM and GDPR, see Data privacy & security.

When pseudonymization is enabled on a NAM Probe, the NAM Probe encrypts the user name in the traffic data it reports. The encryption type is Advanced Encryption Standard (AES) with a 256-bit key.

When the NAM Server generates reports based on such encrypted data, what it displays depends on the NAM user's privileges (roles).

  • A person with the System administrator or User name access role sees reports with decrypted (actual) user names.
  • Anyone else sees reports with pseudonyms (encrypted user names).

Configuring roles for user name pseudonymization

User name pseudonymization is based on NAM user roles.

  • A System administrator always has the User name access role and can always assign the User name access role to other users.
  • A Security administrator does not have the User name access role by default, but a Security administrator can assign the User name access role to any user, including to herself or himself.

There are two ways a System administrator or Security administrator can give others the ability to read encrypted user names:

  • Assign User name access directly to each user who should have it
  • Assign User name access to a user group (new or existing) and then control access to user names by controlling membership to the group with User name access

Configuring traffic monitoring for user name pseudonymization

To enable or disable user name pseudonymization of data reported by selected NAM Probes:

  1. Open Security ► User name pseudonymization.
  2. Set Enable user name pseudonymization for NAM Probe 18.0 and later to On.
  3. Click Regenerate global encryption key to generate a key that will be distributed when you publish the configuration to NAM Probes and NAM Servers.
    After restart, those NAM Probes will start producing data with encrypted user names.
  4. Select all NAM Probes for which you want to have encrypted user names.
    (Generally, you should select all NAM Probes.)
  5. Click Save to save and publish the new key to all selected AMDs.
    NAM Servers will receive the configuration automatically.

Best practices

When you click Regenerate global encryption key, a new key is generated. When you publish, the key is distributed to all NAM Server instances attached to the NAM Console, and to all NAM Probe instances you select in the table.

  • Do not change the key if you don't need to. After the key is changed, historical data will not be decrypted on the NAM Server and it may be difficult to recover the old key to decrypt old data.
  • If you do change the key:
    • Change it for all NAM Probes. There may be situations in which you want to limit decryption only to certain NAM Probes, but best practice generally is to keep everything synchronized.
    • Publish the NAM Probe configurations. If you don't publish them, the NAM Servers will have new keys but the NAM Probes will still have the old keys.

Also, be aware that disabling pseudonymization on a NAM Probe does not delete the key stored on that NAM Probe. If you disable user name pseudonymization on a NAM Probe and then enable it again, it will use the old key unless you publish a new key to that NAM Probe.
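
The key-handling caveats above can be seen in a small Go model, added here as an illustration; it is not NAM code. The page states only AES with a 256-bit key, so the GCM mode, the base64 encoding, the fallback to showing the pseudonym when decryption fails, and all function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

func must[T any](v T, err error) T { // panic on setup errors (bad key size, no entropy)
	if err != nil {
		panic(err)
	}
	return v
}

// randBytes(32) stands in for "Regenerate global encryption key" (256-bit key).
func randBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Pseudonymize models the probe: the reported value is nonce || ciphertext, base64-encoded.
func Pseudonymize(key []byte, user string) string {
	nonce := randBytes(12) // 12 bytes is the standard GCM nonce size
	return base64.RawURLEncoding.EncodeToString(gcm(key).Seal(nonce, nonce, []byte(user), nil))
}

// Display models the server: only holders of User name access get a decryption attempt.
func Display(key []byte, hasAccess bool, value string) string {
	raw, err := base64.RawURLEncoding.DecodeString(value)
	if !hasAccess || err != nil || len(raw) < 12 {
		return value
	}
	if name, err := gcm(key).Open(nil, raw[:12], raw[12:], nil); err == nil {
		return string(name)
	}
	return value // server key differs from the key that encrypted this record
}

func main() {
	oldKey, newKey := randBytes(32), randBytes(32)
	p := Pseudonymize(oldKey, "jsmith") // constructed sample user name
	fmt.Println(Display(oldKey, true, p), Display(oldKey, false, p) == p, Display(newKey, true, p) == p)
}
```

The last call in main is the situation the best practices warn about: a record encrypted under the old key stays a pseudonym even for a privileged viewer once the server holds only the new key.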

Verifying user name pseudonymization

To make sure this is working, you need at least two accounts:

  • A NAM System administrator account or another account that has been assigned the User name access role. This person should be able to read encrypted user names.
  • A NAM non-System administrator account that has not been assigned the User name access role. This person should not be able to read encrypted user names.

  1. Using the first account (System administrator or another account with the User name access role), log in to the NAM Server receiving data from the configured NAM Probes.

  2. In the Reports section of the NAM Server menu, click Explore and select Users.

  3. Confirm that data in the User name column is not encrypted.
    You should be able to see the user names in plain text.

  4. Log out of the NAM Server.

  5. Using the second account (an account that does not have the User name access role), log in to the same NAM Server.

  6. Open the same report.

  7. Confirm that data in the User name column is encrypted.
    You should see encrypted user names instead of plain-text user names.

    Important: If the user names are not encrypted for the second account, recheck your configuration steps:

    1. Make sure you enabled user name pseudonymization on the reporting NAM Probes.
    2. Make sure you logged into the NAM Server the second time using an account that does not have user name access:
      • The account is not assigned the User name access role directly
      • The account is not a member of a group to which you have assigned the User name access role

If you are controlling user name access via group membership, you should also verify that access is controlled depending on whether an account is or is not a member of the group with the User name access role.