Security options in Wowza Streaming Engine

Learn about and find your way to articles about employing the many security options available for Wowza Streaming Engine™ media server software.

Security in Wowza Streaming Engine Manager

Wowza Streaming Engine Manager lets you control basic security for source and playback connections. For example, you can require encoders or cameras that connect to Wowza Streaming Engine to use authentication, and you can control which IP addresses can connect to Wowza Streaming Engine for both publishing and playback.

For more information, see:

SSL and StreamLock

StreamLock, Secure Sockets Layer (SSL), secure HTTP (HTTPS), secure RTMP (RTMPS), and encrypted RTMP (RTMPE) are methods for protecting streams as they're transmitted across a network. All traffic that flows over a protected connection is encrypted during transit.

  • StreamLock – Wowza StreamLock™ AddOn provides near-instant provisioning of free, 256-bit SSL certificates to verified Wowza customers for use with Wowza Streaming Engine. StreamLock-provisioned SSL certificates provide the best security when used with RTMP. The certificates can also be used for secure HTTP streaming.
  • HTTPS – HTTPS secures HTTP-based stream including Apple HLS, Adobe HDS, and Microsoft Smooth Streaming. HTTPS by itself doesn't secure media streams but when used in conjunction with some type of token-based authentication system, it can more fully protect streaming.
  • RTMPS – RTMPS secures Adobe Flash RTMP streaming and can be used with Wowza Streaming Engine SecureToken for playback protection.
  • RTMPE – RTMPE also secures Flash RTMP streaming and can be used with SecureToken for playback protection. RTMPE is less secure than RTMPS. For the best security for RTMP streaming, we recommend the Wowza StreamLock AddOn.

For more information, see:

Digital rights management

Digital rights management (DRM) is a protection mechanism for securing streaming media. There are many third-party DRM technologies, such as Microsoft PlayReady and Verimatrix Video Content Authority System (VCAS).

For more information, see:

SecureToken playback protection

SecureToken is a challenge/response system that helps to protect content against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret). Wowza Streaming Engine 4.0 and Wowza Media Server software provide SecureToken playback protection for Flash RTMP streams. Wowza Streaming Engine 4.1 software extends SecureToken playback protection to all streaming protocols supported by the server and includes new hashing options for generating the security token that's exchanged between the server and clients. 

For more information, see:

Note: Some software can defeat the SecureToken security mechanism and record Flash content over RTMP. To protect your Flash content over RTMP, combine SecureToken with Wowza StreamLock AddOn, RTMPS, or RTMPE.

RTMP and RTSP authentication

RTMP and RTSP user name and password authentication is described in the following articles:

Protection from hotlinking

Hotlinking is another word for embedding. For example, YouTube provides embed code for video so that you can include a YouTube video on your website. A user can look at your webpage source code, copy the embed/object tags (or swfobject), and place that in a webpage on their website. The same can be done with IMG tags. If you want users to do this, it's called embedding; if you don't want them to do it, it's called hotlinking.

For more information, see:

Wowza Streaming Engine Java API security options

The Wowza Streaming Engine Java API provides several methods for controlling access to RTMP, Adobe HDS, Apple HLS, and Smooth Streaming. When used with transport protection mechanisms such as Wowza StreamLock AddOn, SSL, HTTP, RTMPS, or RTMPE, they can provide a secure way to control access to streaming. The Java API can also be used to develop custom authentication systems.

For examples, see:

Stream name aliasing

Stream name aliasing is way to intercept and redirect content requests. Aliasing is another method that can be used to protect streaming media by controlling access to certain content based on user credentials.

For more information, see: