Network Monitoring - Definition
Network monitoring is the continuous collection, analysis, and correlation of network telemetry to assess the availability, performance, and security of communication infrastructure. In practice, it involves monitoring interfaces, protocols, and traffic flows, generating alerts, and reporting performance trends. This approach aligns with the “Monitoring activities” and “Logging” controls defined in ISO/IEC 27002:2022, referenced by ISO/IEC 27001:2022 (Annex A). Core technical mechanisms are based on standards such as SNMPv3 (RFC 3411-3415, 2002), IPFIX (RFC 7011-7015, 2013), sFlow (RFC 3176, 2001), and syslog (RFC 5424, 2009).
In the context of image and video anonymization, network monitoring ensures predictable bandwidth for transferring files to processing nodes, controls latency and packet loss, and supervises outbound traffic to reduce the risk of unauthorized data exfiltration. It also enables accurate event correlation through time synchronization mechanisms such as NTPv4 (RFC 5905, 2010) and PTP (IEEE 1588-2019), which is critical for auditing the processing chain.
The Role of Network Monitoring in Image and Video Anonymization
The process of anonymizing images and videos is typically batch-based and requires high, stable throughput between repositories and compute nodes. Effective network performance monitoring provides the technical conditions necessary for reliable object detection and deep learning models used for automatic face blurring and license plate blurring. The network must deliver data to the model and retrieve results without delays that could disrupt pipeline continuity.
In on-premise environments - often preferred to limit data transfers outside the organization - network monitoring supports enforcement of no-cloud-egress policies, segmentation control, access governance, and rapid detection of anomalous traffic flows. Under GDPR’s data minimization principle, flow telemetry and interface counters are preferable to deep packet inspection (DPI), ensuring that monitoring systems do not process the content of images or video frames.
Technologies and Standards Used in Network Monitoring
Network monitoring for anonymization workloads should rely on mature, well-documented standards. The table below summarizes key technologies and their applications.
Technology/Standard | Role | Specification | Year
|
|---|---|---|---|
SNMPv3 + IF-MIB | Interface counters, secure management | RFC 3411-3415; RFC 2863 | 2002; 2000 |
IPFIX | Flow telemetry without payload inspection | RFC 7011-7015 | 2013 |
sFlow | Packet and counter sampling | RFC 3176 | 2001 |
syslog | Standardized network event logging | RFC 5424 | 2009 |
NTPv4 / PTP | Time synchronization for event correlation | RFC 5905; IEEE 1588-2019 | 2010; 2019 |
TLS 1.3 | Encryption of administrative channels and transfers | RFC 8446 | 2018 |
HTTP Semantics | Interpretation of status codes and headers in synthetic tests | RFC 9110 | 2022 |
Key Parameters and Metrics in Network Monitoring
When planning and auditing anonymization pipelines, it is essential to measure clearly defined parameters described in IETF literature. Metrics should be reported per interface, per flow, and using percentile distributions to support network performance analysis.
Metric | Definition | Standard/Source | Measurement Method
|
|---|---|---|---|
Throughput | Amount of data transmitted per unit of time on an interface | IF-MIB - RFC 2863 | SNMP counters (ifInOctets/ifOutOctets) |
One-way latency | Time required for a packet to travel from sender to receiver | RFC 7679 | Active measurements with time synchronization |
Delay variation (jitter) | Variation in delay between consecutive packets | RFC 3393 | Active probes or synthetic testing |
Packet loss | Percentage of packets not successfully received | RFC 7680 | Active testing, IPFIX statistics |
TCP errors | Resets, retransmissions, timeouts | RFC 9293 | IPFIX elements, counter analysis |
P95/P99 percentiles | Upper distribution bounds for latency/throughput | SRE practice | Sample aggregation |
MTTD/MTTR | Mean Time to Detect / Mean Time to Restore | ITSM operational practice | Event and SLA analysis |
Challenges and Limitations
Effective network monitoring must not compromise the confidentiality of visual data. Deep packet inspection (DPI) may expose the content of transmitted images and video frames. In practice, flow telemetry, counters, and synthetic tests should be preferred. If DPI is unavoidable, payload logging should be disabled and strict retention policies enforced. TLS 1.3 encryption limits visibility for monitoring probes, shifting analytical focus toward metadata and application endpoints.
In GDPR-compliant environments, logging any biometric data must be strictly avoided. Best practice includes excluding information about detected faces or license plates from logs and avoiding storage of control frames from processing workflows. Maintaining accurate time synchronization is equally critical, as clock drift can significantly hinder auditing and processing chain correlation.
Practical Use Cases in Anonymization Deployments
The following scenarios illustrate common applications of network monitoring in on-premise deployments performing automated image and video anonymization using deep learning models for face and license plate blurring.
- Bandwidth monitoring between file storage and processing nodes - using SNMPv3 and IF-MIB to detect bottlenecks during batch transfers.
- Outbound traffic control - leveraging IPFIX to detect unusual egress flows and confirm that source files do not leave the processing segment.
- Synthetic API and file service testing - monitoring HTTP status codes in accordance with RFC 9110 and response times for task orchestration protocols.
- Pipeline continuity auditing - correlating syslog events with NTPv4/PTP-synchronized timestamps to reconstruct job execution and analyze MTTR.
Normative References
- ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection - Information security controls, controls 8.15 and 8.16.
- ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements, Annex A.
- RFC 3411-3415, The SNMP Management Framework, 2002.
- RFC 2863, The Interfaces Group MIB, 2000.
- RFC 7011-7015, Specification of the IP Flow Information Export (IPFIX) Protocol, 2013.
- RFC 3176, InMon sFlow, 2001.
- RFC 5424, The Syslog Protocol, 2009.
- RFC 5905, Network Time Protocol Version 4, 2010.
- IEEE 1588-2019, Precision Time Protocol, 2019.
- RFC 8446, The Transport Layer Security (TLS) Protocol Version 1.3, 2018.
- RFC 9110, HTTP Semantics, 2022.
- RFC 7679, A One-Way Delay Metric for IPPM, 2016.
- RFC 7680, A One-Way Loss Metric for IPPM, 2016.
- RFC 3393, IP Packet Delay Variation Metric for IPPM, 2002.
- RFC 9293, Transmission Control Protocol (TCP), 2022.