Security

There are many different ways to protect streaming media. This page has links to articles that describe the different methods available in Wowza™ media server software.
 

Notes:
  • Some of the security technologies that are described in the articles only work with the following Wowza media server software versions:
    • Wowza Streaming Engine™
       
    • Wowza Media Server™ 3.5 and later
  • Security features such as SecureToken, RTMP authentication, RTSP authentication, StreamNameAlias, and secure streaming (RTMPTE and RTMPS) that are provided in the MediaSecurity AddOn for Wowza Media Server 3.1.2 and earlier are built-in with later versions of the server software. For more information about how to get the Media Security AddOn for these older Wowza Media Server software versions, see How to get MediaSecurity AddOn (playback and publish security for RTMP and RTSP).

Media security in Wowza Streaming Engine


Security features that were available as separate modules and plugins in older Wowza media server software versions are merged into a single security module in Wowza Streaming Engine 4.0. This article describes the changes and provides instructions for configuring the features in the new security module using Wowza Streaming Engine Manager:
 

Articles

 

StreamLock, SSL, HTTPS, RTMPS, and RTMPE


StreamLock, SSL, HTTPS, RTMPS and RTMPE are methods for protecting a stream as it's transmitted across a network. All traffic that flows over a protected connection is encrypted during transit.
 
  • StreamLock: Wowza StreamLock™ AddOn is a security option for network encryption provided by Wowza™. It provides near-instant provisioning of free 256-bit Secure Sockets Layer (SSL) certificates to verified Wowza customers for use with Wowza media server software. StreamLock-provisioned SSL certificates provide the best security when used with RTMP. The certificates can also be used for secure HTTP streaming (HTTPS).
  • HTTPS: HTTPS is HTTP over Secure Sockets Layer (SSL). It's a method for securing HTTP streaming such as Apple HTTP Live Streaming (HLS), Adobe HTTP Dynamic Streaming (HDS), and Microsoft Smooth Streaming. HTTPS by itself doesn't secure media streams but when used in conjunction with some type of token-based authentication system, it can more fully protect streaming.
  • RTMPS: RTMPS is RTMP over Secure Sockets Layer (SSL). It's a method for securing Adobe Flash RTMP streaming. It can be used in conjunction with SecureToken to protect Flash streaming.
  • RTMPE: RTMPE is RTMP over an encrypted connection and is another method for securing Flash RTMP streaming. It can be used in conjunction with SecureToken to protect Flash streaming. RTMPE is less secure than RTMPS. To provide the best security for RTMP streaming, we recommend the Wowza StreamLock AddOn.
 

Articles

   

Digital Rights Management (DRM)


Digital Rights Management (DRM) is a protection mechanism for securing streaming media. There are many different DRM technologies such as Microsoft PlayReady and Verimatrix Video Content Authority System (VCAS). The following articles describe how Wowza media server software can be configured to work with several DRM technologies.
 

Articles

 

SecureToken playback protection


SecureToken is a challenge/response system that helps to protect content against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret). Wowza Streaming Engine 4.0 and Wowza Media Server software provide SecureToken playback protection for Flash RTMP streams. Wowza Streaming Engine 4.1 software extends SecureToken playback protection to all streaming protocols supported by the server and includes new hashing options for generating the security token that's exchanged between the server and clients.
 

Articles

   
Note: Some software can defeat the SecureToken security mechanism and record Flash content over RTMP. To protect your Flash content over RTMP, we suggest that you combine SecureToken with Wowza StreamLock AddOn, RTMPS, or RTMPE.

Authentication for RTMP and RTSP publishing


RTMP and RTSP user name and password authentication is described in the following articles:
 

Articles

   

Hotlinking protection


Hotlinking is another word for embedding. For example, YouTube provides embed code for video so that you can embed a YouTube video on your website. A user can look at your webpage source code, copy the embed/object tags (or swfobject), and place that in a webpage on their website. The same can be done with IMG tags. If you want users to do this, it's called embedding; if you don't want them to do it, it's called hotlinking. The following articles describe the options to help you prevent hotlinking:
 

Articles

   

Server-Side API to control access


The following articles describe methods for controlling access to different streaming protocols such as RTMP, Adobe HDS, Apple HLS, and Smooth Streaming. These API examples can be used to develop custom authentication systems for controlling access to streaming media. When used with transport protection mechanisms such as Wowza StreamLock AddOn, SSL, HTTP, RTMPS, or RTMPE, they can provide a secure way for controlling access to streaming.
 

Articles

   

Stream name alias solutions


Stream name aliasing is a method for intercepting content requests and redirecting them to some other content. Aliasing is another method that can be used to protect streaming media by controlling access to certain content based on user credentials.
 

Articles

 

How to get MediaSecurity AddOn (playback and publish security for RTMP and RTSP)


The MediaSecurity AddOn package includes features that help you secure Wowza Media Server 3.1.2 and earlier and the media that you want to stream through the server. The package includes several features to help you secure your content, including SecureToken, RTMP authentication, RTSP authentication, StreamNameAlias, and secure streaming (RTMPE, RTMPTE and RTMPS).
 
Important: The MediaSecurity AddOn features are built-in with Wowza Media Server™ software (version 3.5 and later) and Wowza Streaming Engine™ software. You shouldn't use the AddOn packages below with these server software versions as unexpected results can occur.
The following MediaSecurity AddOn downloads work with Wowza Media Server 3.1.2 and earlier.

Version for Wowza Media Server 2.0.0 to Wowza Media Server 3.1.2.x
MediaSecurity_2.0.zip

Version for Wowza Media Server Pro 1.7.x
MediaSecurity.zip

To learn more about how to install and use MediaSecurity AddOn, see the WowzaMediaServerMediaSecurity_UsersGuide.pdf file that's included in the MediaSecurity AddOn download.