There are many different ways to protect streaming media. This page has links to articles that describe the different methods available in Wowza media server software.
- Some of the security technologies that are described in the articles only work with the following Wowza media server software versions:
- Wowza Streaming Engine™ 4.0 and later
- Wowza Media Server® 3.5 and later
- Security features such as SecureToken, RTMP authentication, RTSP authentication, StreamNameAlias, and secure streaming (RTMPTE and RTMPS) that are provided in the MediaSecurity AddOn for Wowza Media Server 3.1.2 and earlier are built-in with later versions of the server software. For more information about how to get the Media Security AddOn for these older Wowza Media Server software versions, see How to get MediaSecurity AddOn (playback and publish security for RTMP and RTSP).
Media security in Wowza Streaming Engine
Security features that were available as separate modules and plugins in older Wowza media server software versions are merged into a single security module in Wowza Streaming Engine 4.0. This article describes the changes and provides instructions for configuring the features in the new security module using Wowza Streaming Engine Manager:
StreamLock, SSL, HTTPS, RTMPS, and RTMPE
StreamLock, SSL, HTTPS, RTMPS and RTMPE are methods for protecting a stream as it's transmitted across a network. All traffic that flows over a protected connection is encrypted during transit.
- StreamLock: Wowza StreamLock™ AddOn is a security option for network encryption provided by Wowza®. It provides near-instant provisioning of free 256-bit Secure Sockets Layer (SSL) certificates to verified Wowza customers for use with Wowza media server software. StreamLock-provisioned SSL certificates provide the best security when used with RTMP. The certificates can also be used for secure HTTP streaming (HTTPS).
- HTTPS: HTTPS is HTTP over Secure Sockets Layer (SSL). It's a method for securing HTTP streaming such as Apple HTTP Live Streaming (HLS), Adobe HTTP Dynamic Streaming (HDS), and Microsoft Smooth Streaming. HTTPS by itself doesn't secure media streams but when used in conjunction with some type of token-based authentication system, it can more fully protect streaming.
- RTMPS: RTMPS is RTMP over Secure Sockets Layer (SSL). It's a method for securing Adobe Flash RTMP streaming. It can be used in conjunction with SecureToken to protect Flash streaming.
- RTMPE: RTMPE is RTMP over an encrypted connection and is another method for securing Flash RTMP streaming. It can be used in conjunction with SecureToken to protect Flash streaming. RTMPE is less secure than RTMPS. To provide the best security for RTMP streaming, we recommend the Wowza StreamLock AddOn.
Digital Rights Management (DRM)
Digital Rights Management (DRM) is a protection mechanism for securing streaming media. There are many different DRM technologies such as Microsoft PlayReady and Verimatrix Video Content Authority System (VCAS). The following articles describe how Wowza media server software can be configured to work with several DRM technologies.
SecureToken playback protection
SecureToken is a challenge/response system that helps to protect content against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret). Wowza Streaming Engine 4.0 and Wowza Media Server software provide SecureToken playback protection for Flash RTMP streams. Wowza Streaming Engine 4.1 software extends SecureToken playback protection to all streaming protocols supported by the server and includes new hashing options for generating the security token that's exchanged between the server and clients.
Some software can defeat the SecureToken security mechanism and record Flash content over RTMP. To protect your Flash content over RTMP, we suggest that you combine SecureToken with Wowza StreamLock AddOn, RTMPS, or RTMPE
Authentication for RTMP and RTSP publishing
RTMP and RTSP user name and password authentication is described in the following articles:
is another word for embedding. For example, YouTube provides embed code for video so that you can embed a YouTube video on your website. A user can look at your webpage source code, copy the embed/object tags (or swfobject), and place that in a webpage on their website. The same can be done with IMG tags. If you want users to do this, it's called embedding
; if you don't want them to do it, it's called hotlinking
. The following articles describe the options to help you prevent hotlinking:
Server-Side API to control access
The following articles describe methods for controlling access to different streaming protocols such as RTMP, Adobe HDS, Apple HLS, and Smooth Streaming. These API examples can be used to develop custom authentication systems for controlling access to streaming media. When used with transport protection mechanisms such as Wowza StreamLock AddOn, SSL, HTTP, RTMPS, or RTMPE, they can provide a secure way for controlling access to streaming.
Stream name alias solutions
Stream name aliasing is a method for intercepting content requests and redirecting them to some other content. Aliasing is another method that can be used to protect streaming media by controlling access to certain content based on user credentials.