[packages/argus-clients.git] / argus-clients-ranonymize.conf

#
#  Argus Software
#  Copyright (c) 2000-2007 QoSient, LLC
#  All rights reserved.
# 
#  Permission to use, copy, modify, and distribute this software and
#  its documentation for any purpose and without fee is hereby granted, 
#  provided that the above copyright notice appear in all copies and
#  that both that copyright notice and this permission notice appear
#  in supporting documentation, and that the name of QoSient not
#  be used in advertising or publicity pertaining to distribution of
#  the software without specific, written prior permission.  
#  
#  QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
#  SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
#  FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
#  SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
#  RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
#  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
#  CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# 
#
# Example ranonymize.conf
#
# Ranonymize will open this file and parse it to set common
# configuration options.
#
# Values can be quoted to make string denotation easier, however, the
# parser does not require that string values be quoted.  To support this,
# the parse will remove '\"' characters from input strings, so do not
# use this character in strings themselves.
#
# Values specified as "" will be treated as a NULL string, and the parser
# will ignore the variable setting.

# Supported Options

# Ranonymize allows you to specify the type of anonymization methods
# used for a number of categories.  The types are "sequential", "random",
# "specific", "fixed" or "no" anonymization.  Each is described below
# as they appear in the configuration.
#
# ranonymize() uses various strategies to seed its random number
# generator.  If the user specifies a seed, then the srandon(seed)
# function is used.  If keyword "time" is used, then the system usec
# value at the invocation is used.  If the keyword "crypto" is used,
# then the system call srandomdev() is used if available.  If not,
# the "time" method is used.  Configuring with a specific seed value
# in this configuration file, will generate deterministic values 
# which should result in assignments that are duplicated with
# reach run.
#

RANON_SEED=crypto

# 
# Ranonymize can anonymize any field in an Argus record. The
# decision to anonymize a field should be guided by the sensitivity
# of disclosure and the need to preserve a specific issue within
# the data. By default, ranonymize will anonymize the most sensitive
# data, time, flow identifiers, and network protocol specific data.
# The available set of identiifers are:
#
#  "srcid", "flow", "time", "metric", "agr", "net", "vlan", "mpls",
#  "jitter", "ipattr", "suser", "duser", "mac", "icmp", "tadj".
#
# Fields that are not mentioned in the anonymization strategy are
# discarded.
#

RANON_FIELDS="time flow net"

#
# Most of the objects in argus data are composite objects, where
# there are multiple fields and semantics, and to make matters
# more complicated,  for each object there are specific algorithms
# that can be used to achieve the level of anonymity, desired.
# These alogirhtms vary from preserving (no modification done),
# constant shift, table lookup, code book and/or variou cryptographic
# schemes that are designed to provide collaborative anonymity
# for communicating parites.
# 
# Ranonymize anonymizes various fields in Argus records, using a
# set of default algorithms/strategies.  The primary goal of
# ranonymize() anonymization is to preserve the semantics of 
# common data objects, if those objects are retained in the
# final product.
# 
# Because ranonymize() also supports de-anonymization, the methods
# used to obfuscate data, in some cases, must be reversible.  This
# is an important step to supporting distributed collaboration
# through anonymization (i'll change my, and you'll change
# your data so that the transformations generate the same values).
# 
#
# Objects such as the timestamps, transaction reference numbers,
# sequence numbers, IP attributes are, by default, transposed by
# a constant value, usually a negative constant value.  This value
# is specified either as a random number or explicitly in this
# configuration, using the keyword "fixed", for fixed offset.
# This general strategy preserves 1st, 2nd, xth order differentials
# of the data.  Values such as transaction duration are preserved,
# distance or hop count (in the case of TTL), and derived measures
# like loss.

# In order to preserve relative time in the data, to support duration
# one-way delay, and time based correlation strategies within the
# data, anonymization of time involves subtracting a constant
# value from the field in every argus record seen.
# These values, if needed, can be defined by ranonymize or the user.
# The anonymization method is "fixed" offset, and the constant
# value can be specified by the user, "fixed:x", where x is a numerical
# value, +/- 2^31, or chosen by ranonymize at random, "fixed:random",
# where the random value is choosen from the same range as above.
#

RANON_TIME_SEC_OFFSET=random
RANON_TIME_USEC_OFFSET=random


RANON_TRANSREFNUM_OFFSET=fixed:82736487
RANON_TRANSREFNUM_OFFSET=fixed:82736487
RANON_SEQNUM_OFFSET=fixed:10234

# Ranonymize allows you to specify the type of anonymization methods
# used in a number of categories. For ethernet network and host
# address conversion, ranonymize can support "sequential", "random",
# "specific", "fixed" or "no" anonymization.  

# Sequential anonymization involves allocating new addresses in a
# monotonically increasing fashion on a first come first serve basis.
# For ethernet addresses this starts with the address xx:xx:xx:00:00:01,
# where the xx:xx:xx is the vendor identification part, which could be
# preserved, based on configuration (see below) or anonymized starting
# with the value 00:00:00.  For IP v4 addresses, the sequential address
# range starts with the non-routable address space 10.0.0, by default.
# Sequential randomization uses the least amount of memory and minimizes
# anonymization processing time, however it does not offer the best
# object scrambling method.
# 
# As an example, if the first Argus record contained the addresses
# 128.64.2.4 and 132.243.2.87 as source and destination, sequential
# anonymization would generate the addresses 10.0.0.1 and 10.0.1.1
# as the new source and destination addresses, because there are two
# unique network parts, 128.64.2 -> 10.0.0, and 132.243.2 -> 10.0.1.
# Host parts are sequentially allocated within the new network address
# space, and because both addresses are first, they come up as 1.
#
# Random anonymization involves choosing a value from a pool
# of random values.  The type of anonymization, net, host,
# ethernet, dictates the size of the pool of values.
#
# Random anonymization could generate 10.24.31.203 and 10.1.34.18
# as examples, as both the 24 bit network parts would be allocated
# randomly from the 10 network space, and the host address part
# would be allocated randomly from the possible host addresses for
# each allocated network space.  Random anonymization provides better
# address scrambling, as it is not dependant on address ordering, but
# it is significantly more computationaly complex.

# Ranonymize has the option to preserve specific aspects of ethernet
# address semantics, such as vendor identification, and broadcast/
# multicast use.  These can be selected independantly.  
  
RANON_ETHERNET_ANONYMIZATION=sequential
RANON_PRESERVE_ETHERNET_VENDOR=no
RANON_PRESERVE_ETHERNET_BROADCAST=yes
RANON_PRESERVE_ETHERNET_MULTICAST=yes

RANON_NET_ANONYMIZATION=sequential
RANON_HOST_ANONYMIZATION=sequential

# The length of the network address part of IPv4 addresses is by
# default 24 bits, but it can be set to any value < 32.

RANON_NETWORK_ADDRESS_LENGTH=24

# Ranonymize can be configured to perform specific network
# address translation, regardless of the types of anonymization
# that are being employed.  These must be specified using the
# configured network address length.   These addresses are allocated
# prior to any processing, and represent a culling from the available
# anonymization address pool.
#
#Examples could be:
#
#RANON_SPECIFY_NET_TRANSLATION=192.168.0/24::128.2.134/24
#RANON_SPECIFY_NET_TRANSLATION=64.12.0/24::134.5.0/24
#RANON_SPECIFY_NET_TRANSLATION=128.2/24.0::200.200.0/24
#
#
# Ranonymize can also be configured to perform specific host
# address translation.  Feel free to list as many addresses
# that you would like.
#
#Examples would be:
#
#RANON_SPECIFY_HOST_TRANSLATION=192.168.0.64::128.2.34.5
#

# Ranonymize has the option to preserve the network address
# hierarchy at various levels of granularity.  This allows you to
# preserve the addressing relationships between addresses.
# The options are "cidr", "class" and "no".
# 
# CIDR network address anoyminization specifies the length of
# the network part for all address allocations.  The default is
# 24 bits.

RANON_PRESERVE_NET_ADDRESS_HIERARCHY=cidr/24


# Class network adddress heirarchy preservation, causes ranonymize()
# to allocate new network addresses base on the address class.  All
# CLASSA network addresses will be allocated new addresses from the
# Class A network pool.  The Class option sets the NETWORK_ADDRESS_LENGTH
# value to 24. Specifing "specific" network translations is allowed,
# however these address will not be hierarchy preserving.

#RANON_PRESERVE_NET_ADDRESS_HIERARCHY=class

# Ranonymize has the option to preserve the broadcast address
# relationship by not modifying host addresses of 0 and 255.
   
RANON_PRESERVE_BROADCAST_ADDRESS=yes

# Preserving Multicast addresses means mapping any IANA defined
# IPv4 multicast address to another multicast address.  While there
# is no inherient semantic of network and host values for mulitcast
# addresses, ranonymize treats multicast addresses as normal addresses
# but allocated from a separate pool.
# Semantics for network and host parts still apply as above.

RANON_PRESERVE_MULTICAST_ADDRESS=yes


# Ranonymize anonymizes the IP_ID value in IPv4 records, by adding
# a constant value to the existing ip_id and wrapping where appropriate.
# The constant value can be generated by ranonymize as "fixed:random",
# or the user can provid a "fixed:x", where x is the fixed offset,
# or the keyword "none" can be used to turn off the default
# 
RANON_PRESERVE_IP_ID=fixed:random

# Ranonymize can be configured to preserve specific ranges
# of port numbers.  For convenience, ranonymize() can be
# configured to preserve the IANA well known port allocation
# range (0-1023), the registered ports (1024-49151) and/or
# the private port range (49152 - 65535).  Also, ranonymize()
# can be configured to preserve specific port numbers. These
# numbers are independent of protocol type, so if port 23461
# is to be preserved, it will be for both tcp and udp based
# flows.
#
RANON_PRESERVE_WELLKNOWN_PORT_NUMS=yes
RANON_PRESERVE_REGISTERED_PORT_NUMS=no
RANON_PRESERVE_PRIVATE_PORT_NUMS=no


# Ranonymize can be configured to use several methods for
# anonymizing port values.  "random", "fixed:random", "fixed:x"
# and "no" anonymization.  Random ensures that every port value
# is allocated from a random pool, where the offset: methods
# shift the port number by either a "random" amount, changing
# on each invocation, or with a fixed offset of 'x', specified by the user.

RANON_PORT_METHOD="offset:random"


# There are a number of fields that are not subject to anonymization,
# such as protocol types.  These values, if not needed, can be zeroed
# out, but upper protocol information, such as TCP base sequence numbers,
# window performance etc.... need to be removed as needed.

# By default, ranonymize() removes or zeroizes all other fields, in
# the record, including TTL, TOS.  Whole DSR's that are not anonymizable,
# such as jitter values, user data contents, etc... are removed from the
# record at anonymization time.
Commit	Line	Data
d31e0d15	1	#
	2	# Argus Software
	3	# Copyright (c) 2000-2007 QoSient, LLC
	4	# All rights reserved.
	5	#
	6	# Permission to use, copy, modify, and distribute this software and
	7	# its documentation for any purpose and without fee is hereby granted,
	8	# provided that the above copyright notice appear in all copies and
	9	# that both that copyright notice and this permission notice appear
	10	# in supporting documentation, and that the name of QoSient not
	11	# be used in advertising or publicity pertaining to distribution of
	12	# the software without specific, written prior permission.
	13	#
	14	# QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
	15	# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
	16	# FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
	17	# SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
	18	# RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
	19	# CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	20	# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	21	#
	22	#
	23	# Example ranonymize.conf
	24	#
	25	# Ranonymize will open this file and parse it to set common
	26	# configuration options.
	27	#
	28	# Values can be quoted to make string denotation easier, however, the
	29	# parser does not require that string values be quoted. To support this,
	30	# the parse will remove '\"' characters from input strings, so do not
	31	# use this character in strings themselves.
	32	#
	33	# Values specified as "" will be treated as a NULL string, and the parser
	34	# will ignore the variable setting.
	35
	36	# Supported Options
	37
	38	# Ranonymize allows you to specify the type of anonymization methods
	39	# used for a number of categories. The types are "sequential", "random",
	40	# "specific", "fixed" or "no" anonymization. Each is described below
	41	# as they appear in the configuration.
	42	#
	43	# ranonymize() uses various strategies to seed its random number
	44	# generator. If the user specifies a seed, then the srandon(seed)
	45	# function is used. If keyword "time" is used, then the system usec
	46	# value at the invocation is used. If the keyword "crypto" is used,
	47	# then the system call srandomdev() is used if available. If not,
	48	# the "time" method is used. Configuring with a specific seed value
	49	# in this configuration file, will generate deterministic values
	50	# which should result in assignments that are duplicated with
	51	# reach run.
	52	#
	53
	54	RANON_SEED=crypto
	55
	56	#
	57	# Ranonymize can anonymize any field in an Argus record. The
	58	# decision to anonymize a field should be guided by the sensitivity
	59	# of disclosure and the need to preserve a specific issue within
	60	# the data. By default, ranonymize will anonymize the most sensitive
	61	# data, time, flow identifiers, and network protocol specific data.
	62	# The available set of identiifers are:
	63	#
	64	# "srcid", "flow", "time", "metric", "agr", "net", "vlan", "mpls",
65	# "jitter", "ipattr", "suser", "duser", "mac", "icmp", "tadj".
66	#
67	# Fields that are not mentioned in the anonymization strategy are
68	# discarded.
69	#
70
71	RANON_FIELDS="time flow net"
72
73	#
74	# Most of the objects in argus data are composite objects, where
75	# there are multiple fields and semantics, and to make matters
76	# more complicated, for each object there are specific algorithms
77	# that can be used to achieve the level of anonymity, desired.
78	# These alogirhtms vary from preserving (no modification done),
79	# constant shift, table lookup, code book and/or variou cryptographic
80	# schemes that are designed to provide collaborative anonymity
81	# for communicating parites.
82	#
83	# Ranonymize anonymizes various fields in Argus records, using a
84	# set of default algorithms/strategies. The primary goal of
85	# ranonymize() anonymization is to preserve the semantics of
86	# common data objects, if those objects are retained in the
87	# final product.
88	#
89	# Because ranonymize() also supports de-anonymization, the methods
90	# used to obfuscate data, in some cases, must be reversible. This
91	# is an important step to supporting distributed collaboration
92	# through anonymization (i'll change my, and you'll change
93	# your data so that the transformations generate the same values).
94	#
95	#
96	# Objects such as the timestamps, transaction reference numbers,
97	# sequence numbers, IP attributes are, by default, transposed by
98	# a constant value, usually a negative constant value. This value
99	# is specified either as a random number or explicitly in this
100	# configuration, using the keyword "fixed", for fixed offset.
101	# This general strategy preserves 1st, 2nd, xth order differentials
102	# of the data. Values such as transaction duration are preserved,
103	# distance or hop count (in the case of TTL), and derived measures
104	# like loss.
105
106	# In order to preserve relative time in the data, to support duration
107	# one-way delay, and time based correlation strategies within the
108	# data, anonymization of time involves subtracting a constant
109	# value from the field in every argus record seen.
110	# These values, if needed, can be defined by ranonymize or the user.
111	# The anonymization method is "fixed" offset, and the constant
112	# value can be specified by the user, "fixed:x", where x is a numerical
113	# value, +/- 2^31, or chosen by ranonymize at random, "fixed:random",
114	# where the random value is choosen from the same range as above.
115	#
116
117	RANON_TIME_SEC_OFFSET=random
118	RANON_TIME_USEC_OFFSET=random
119
120
121	RANON_TRANSREFNUM_OFFSET=fixed:82736487
122	RANON_TRANSREFNUM_OFFSET=fixed:82736487
123	RANON_SEQNUM_OFFSET=fixed:10234
124
125	# Ranonymize allows you to specify the type of anonymization methods
126	# used in a number of categories. For ethernet network and host
127	# address conversion, ranonymize can support "sequential", "random",
128	# "specific", "fixed" or "no" anonymization.
129
130	# Sequential anonymization involves allocating new addresses in a
131	# monotonically increasing fashion on a first come first serve basis.
132	# For ethernet addresses this starts with the address xx:xx:xx:00:00:01,
133	# where the xx:xx:xx is the vendor identification part, which could be
134	# preserved, based on configuration (see below) or anonymized starting
135	# with the value 00:00:00. For IP v4 addresses, the sequential address
136	# range starts with the non-routable address space 10.0.0, by default.
137	# Sequential randomization uses the least amount of memory and minimizes
138	# anonymization processing time, however it does not offer the best
139	# object scrambling method.
140	#
141	# As an example, if the first Argus record contained the addresses
142	# 128.64.2.4 and 132.243.2.87 as source and destination, sequential
143	# anonymization would generate the addresses 10.0.0.1 and 10.0.1.1
144	# as the new source and destination addresses, because there are two
145	# unique network parts, 128.64.2 -> 10.0.0, and 132.243.2 -> 10.0.1.
146	# Host parts are sequentially allocated within the new network address
147	# space, and because both addresses are first, they come up as 1.
148	#
149	# Random anonymization involves choosing a value from a pool
150	# of random values. The type of anonymization, net, host,
151	# ethernet, dictates the size of the pool of values.
152	#
153	# Random anonymization could generate 10.24.31.203 and 10.1.34.18
154	# as examples, as both the 24 bit network parts would be allocated
155	# randomly from the 10 network space, and the host address part
156	# would be allocated randomly from the possible host addresses for
157	# each allocated network space. Random anonymization provides better
158	# address scrambling, as it is not dependant on address ordering, but
159	# it is significantly more computationaly complex.
160
161	# Ranonymize has the option to preserve specific aspects of ethernet
162	# address semantics, such as vendor identification, and broadcast/
163	# multicast use. These can be selected independantly.
164
165	RANON_ETHERNET_ANONYMIZATION=sequential
166	RANON_PRESERVE_ETHERNET_VENDOR=no
167	RANON_PRESERVE_ETHERNET_BROADCAST=yes
168	RANON_PRESERVE_ETHERNET_MULTICAST=yes
169
170	RANON_NET_ANONYMIZATION=sequential
171	RANON_HOST_ANONYMIZATION=sequential
172
173	# The length of the network address part of IPv4 addresses is by
174	# default 24 bits, but it can be set to any value < 32.
175
176	RANON_NETWORK_ADDRESS_LENGTH=24
177
178	# Ranonymize can be configured to perform specific network
179	# address translation, regardless of the types of anonymization
180	# that are being employed. These must be specified using the
181	# configured network address length. These addresses are allocated
182	# prior to any processing, and represent a culling from the available
183	# anonymization address pool.
184	#
185	#Examples could be:
186	#
187	#RANON_SPECIFY_NET_TRANSLATION=192.168.0/24::128.2.134/24
188	#RANON_SPECIFY_NET_TRANSLATION=64.12.0/24::134.5.0/24
189	#RANON_SPECIFY_NET_TRANSLATION=128.2/24.0::200.200.0/24
190	#
191	#
192	# Ranonymize can also be configured to perform specific host
193	# address translation. Feel free to list as many addresses
194	# that you would like.
195	#
196	#Examples would be:
197	#
198	#RANON_SPECIFY_HOST_TRANSLATION=192.168.0.64::128.2.34.5
199	#
200
201	# Ranonymize has the option to preserve the network address
202	# hierarchy at various levels of granularity. This allows you to
203	# preserve the addressing relationships between addresses.
204	# The options are "cidr", "class" and "no".
205	#
206	# CIDR network address anoyminization specifies the length of
207	# the network part for all address allocations. The default is
208	# 24 bits.
209
210	RANON_PRESERVE_NET_ADDRESS_HIERARCHY=cidr/24
211
212
213	# Class network adddress heirarchy preservation, causes ranonymize()
214	# to allocate new network addresses base on the address class. All
215	# CLASSA network addresses will be allocated new addresses from the
216	# Class A network pool. The Class option sets the NETWORK_ADDRESS_LENGTH
217	# value to 24. Specifing "specific" network translations is allowed,
218	# however these address will not be hierarchy preserving.
219
220	#RANON_PRESERVE_NET_ADDRESS_HIERARCHY=class
221
222	# Ranonymize has the option to preserve the broadcast address
223	# relationship by not modifying host addresses of 0 and 255.
224
225	RANON_PRESERVE_BROADCAST_ADDRESS=yes
226
227	# Preserving Multicast addresses means mapping any IANA defined
228	# IPv4 multicast address to another multicast address. While there
229	# is no inherient semantic of network and host values for mulitcast
230	# addresses, ranonymize treats multicast addresses as normal addresses
231	# but allocated from a separate pool.
232	# Semantics for network and host parts still apply as above.
233
234	RANON_PRESERVE_MULTICAST_ADDRESS=yes
235
236
237	# Ranonymize anonymizes the IP_ID value in IPv4 records, by adding
238	# a constant value to the existing ip_id and wrapping where appropriate.
239	# The constant value can be generated by ranonymize as "fixed:random",
240	# or the user can provid a "fixed:x", where x is the fixed offset,
241	# or the keyword "none" can be used to turn off the default
242	#
243	RANON_PRESERVE_IP_ID=fixed:random
244
245	# Ranonymize can be configured to preserve specific ranges
246	# of port numbers. For convenience, ranonymize() can be
247	# configured to preserve the IANA well known port allocation
248	# range (0-1023), the registered ports (1024-49151) and/or
249	# the private port range (49152 - 65535). Also, ranonymize()
250	# can be configured to preserve specific port numbers. These
251	# numbers are independent of protocol type, so if port 23461
252	# is to be preserved, it will be for both tcp and udp based
253	# flows.
254	#
255	RANON_PRESERVE_WELLKNOWN_PORT_NUMS=yes
256	RANON_PRESERVE_REGISTERED_PORT_NUMS=no
257	RANON_PRESERVE_PRIVATE_PORT_NUMS=no
258
259
260	# Ranonymize can be configured to use several methods for
261	# anonymizing port values. "random", "fixed:random", "fixed:x"
262	# and "no" anonymization. Random ensures that every port value
263	# is allocated from a random pool, where the offset: methods
264	# shift the port number by either a "random" amount, changing
265	# on each invocation, or with a fixed offset of 'x', specified by the user.
266
267	RANON_PORT_METHOD="offset:random"
268
269
270	# There are a number of fields that are not subject to anonymization,
271	# such as protocol types. These values, if not needed, can be zeroed
272	# out, but upper protocol information, such as TCP base sequence numbers,
273	# window performance etc.... need to be removed as needed.
274
275	# By default, ranonymize() removes or zeroizes all other fields, in
276	# the record, including TTL, TOS. Whole DSR's that are not anonymizable,
277	# such as jitter values, user data contents, etc... are removed from the
278	# record at anonymization time.
279
280