Security options in Wowza Streaming Engine

Learn about and find your way to articles about employing the many security options available for Wowza Streaming Engine™ media server software.

Security in Wowza Streaming Engine Manager


Wowza Streaming Engine Manager lets you control basic security for source and playback connections. For example, you can require encoders or cameras that connect to Wowza Streaming Engine to use authentication, and you can control which IP addresses can connect to Wowza Streaming Engine for both publishing and playback.

For more information, see:

SSL/TLS and Certificates


SSL/TLS and the certificates that enable secure connections protect streams as they're transmitted across a network. All traffic that flows over a protected connection is encrypted during transit.

SSL/TLS

Wowza Streaming Engine supports Secure Sockets Layer (SSL) and some versions of Transport Layer Security (TLS) with HTTPS (HTTP over SSL/TLS), RTMPS (RTMP over SSL/TLS), and encrypted RTMP (RTMPE) streaming protection. SSL/TLS allows web browsers and web servers to communicate over a secure connection, with the encrypted data being sent and received in both directions.

  • HTTPS – HTTPS secures HTTP-based streams, including HLS, HDS, and Microsoft Smooth Streaming. HTTPS by itself doesn't secure media streams but when used in conjunction with some type of token-based authentication system, it can more fully protect streaming.
  • RTMPS – RTMPS secures Adobe Flash RTMP streaming and can be used with Wowza Streaming Engine SecureToken for playback protection.
  • RTMPE – RTMPE also secures Flash RTMP streaming and can be used with SecureToken for playback protection. RTMPE is less secure than RTMPS. For the best security for RTMP streaming, we recommend the Wowza StreamLock AddOn.

Certificates

Certificates hold public keys and enable HTTPS, RTMPS, or RTMPE connections to Wowza Streaming Engine. To use SSL/TLS certificates with Wowza Streaming Engine, you can use Wowza StreamLock AddOn, a certificate authority, or a self-signed certificate.

For more information, see:

Digital rights management


Digital rights management (DRM) is a protection mechanism for securing streaming media. There are many third-party DRM technologies, such as Microsoft PlayReady and Verimatrix Video Content Authority System (VCAS).

For more information, see:

SecureToken playback protection


SecureToken is a challenge/response system that helps to protect content against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret). Wowza Streaming Engine 4.0 and Wowza Media Server software provide SecureToken playback protection for Flash RTMP streams. Wowza Streaming Engine 4.1 software extends SecureToken playback protection to all streaming protocols supported by the server and includes new hashing options for generating the security token that's exchanged between the server and clients. 

For more information, see:

Note: Some software can defeat the SecureToken security mechanism and record Flash content over RTMP. To protect your Flash content over RTMP, combine SecureToken with Wowza StreamLock AddOn, RTMPS, or RTMPE.

RTMP and RTSP authentication


RTMP and RTSP user name and password authentication is described in the following articles:

Wowza Streaming Engine Java API security options


The Wowza Streaming Engine Java API provides several methods for controlling access to RTMP, Adobe HDS, Apple HLS, and Smooth Streaming. When used with transport protection mechanisms such as Wowza StreamLock AddOn, SSL, HTTP, RTMPS, or RTMPE, they can provide a secure way to control access to streaming. The Java API can also be used to develop custom authentication systems.

For examples, see:

Stream name aliasing


Stream name aliasing is way to intercept and redirect content requests. Aliasing is another method that can be used to protect streaming media by controlling access to certain content based on user credentials.

For more information, see: