There are many ways to protect streaming media. This page has links to articles that describe the different methods available in Wowza Streaming Engine™ media server software.

  • Some of the security technologies that are described in the articles only work with Wowza Streaming Engine and Wowza Media Server™ 3.5 and later.
  • Security features such as SecureToken, RTMP authentication, RTSP authentication, StreamNameAlias, and secure streaming (RTMPTE and RTMPS) that are provided in the MediaSecurity AddOn for Wowza Media Server 3.1.2 and earlier are built-in with later versions of the server software. For information about how to get the Media Security AddOn for these older versions of Wowza Media Server, see How to get MediaSecurity AddOn (playback and publish security for RTMP and RTSP).

Media security in Wowza Streaming Engine

Security features that were available as separate modules and plugins in older Wowza media server software versions are merged into a single security module in Wowza Streaming Engine 4.0. This article describes the changes and provides instructions for configuring the features in the new security module using Wowza Streaming Engine Manager: 

StreamLock, SSL, HTTPS, RTMPS, and RTMPE

StreamLock, SSL, HTTPS, RTMPS and RTMPE are methods for protecting a stream as it's transmitted across a network. All traffic that flows over a protected connection is encrypted during transit.

  • StreamLock: Wowza StreamLock™ AddOn is a security option for network encryption provided by Wowza™. It provides near-instant provisioning of free 256-bit Secure Sockets Layer (SSL) certificates to verified Wowza customers for use with Wowza media server software. StreamLock-provisioned SSL certificates provide the best security when used with RTMP. The certificates can also be used for secure HTTP streaming (HTTPS).
  • HTTPS: HTTPS is HTTP over Secure Sockets Layer (SSL). It's a method for securing HTTP streaming such as Apple HTTP Live Streaming (HLS), Adobe HTTP Dynamic Streaming (HDS), and Microsoft Smooth Streaming. HTTPS by itself doesn't secure media streams but when used in conjunction with some type of token-based authentication system, it can more fully protect streaming.
  • RTMPS: RTMPS is RTMP over Secure Sockets Layer (SSL). It's a method for securing Adobe Flash RTMP streaming. It can be used in conjunction with SecureToken to protect Flash streaming.
  • RTMPE: RTMPE is RTMP over an encrypted connection and is another method for securing Flash RTMP streaming. It can be used in conjunction with SecureToken to protect Flash streaming. RTMPE is less secure than RTMPS. To provide the best security for RTMP streaming, we recommend the Wowza StreamLock AddOn.

See any of the following articles for more information:

Digital Rights Management (DRM)

Digital Rights Management (DRM) is a protection mechanism for securing streaming media. There are many different DRM technologies, such as Microsoft PlayReady and Verimatrix Video Content Authority System (VCAS). The following articles describe how Wowza Streaming Engine can be configured to work with several DRM technologies.

SecureToken playback protection

SecureToken is a challenge/response system that helps to protect content against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret). Wowza Streaming Engine 4.0 and Wowza Media Server software provide SecureToken playback protection for Flash RTMP streams. Wowza Streaming Engine 4.1 software extends SecureToken playback protection to all streaming protocols supported by the server and includes new hashing options for generating the security token that's exchanged between the server and clients. 

Note: Some software can defeat the SecureToken security mechanism and record Flash content over RTMP. To protect your Flash content over RTMP, we suggest that you combine SecureToken with Wowza StreamLock AddOn, RTMPS, or RTMPE.

Authentication for RTMP and RTSP publishing

RTMP and RTSP user name and password authentication is described in the following articles:

Hotlinking protection

Hotlinking is another word for embedding. For example, YouTube provides embed code for video so that you can embed a YouTube video on your website. A user can look at your webpage source code, copy the embed/object tags (or swfobject), and place that in a webpage on their website. The same can be done with IMG tags. If you want users to do this, it's called embedding; if you don't want them to do it, it's called hotlinking. The following article describes the options to help you prevent hotlinking:

Server-Side API to control access

The following articles describe methods for controlling access to different streaming protocols such as RTMP, Adobe HDS, Apple HLS, and Smooth Streaming. These API examples can be used to develop custom authentication systems for controlling access to streaming media. When used with transport protection mechanisms such as Wowza StreamLock AddOn, SSL, HTTP, RTMPS, or RTMPE, they can provide a secure way for controlling access to streaming.

Stream name alias solutions

Stream name aliasing is way to intercept content requests and redirect them to some other content. Aliasing is another method that can be used to protect streaming media by controlling access to certain content based on user credentials.

How to get MediaSecurity AddOn (playback and publish security for RTMP and RTSP)

The MediaSecurity AddOn package includes features that help you secure Wowza Media Server 3.1.2 and earlier and the media that you want to stream through the server. The package includes several features to help you secure your content, including SecureToken, RTMP authentication, RTSP authentication, StreamNameAlias, and secure streaming (RTMPE, RTMPTE and RTMPS).
Important: The MediaSecurity AddOn features are built-in with Wowza Media Server™ software (version 3.5 and later) and Wowza Streaming Engine™ software. You shouldn't use the AddOn packages below with these server software versions as unexpected results can occur.
The following MediaSecurity AddOn downloads work with Wowza Media Server 3.1.2 and earlier.

Version for Wowza Media Server 2.0.0 to Wowza Media Server 3.1.2.x

Version for Wowza Media Server Pro 1.7.x

To learn more about how to install and use MediaSecurity AddOn, see the WowzaMediaServerMediaSecurity_UsersGuide.pdf file that's included in the MediaSecurity AddOn download.