Security options in Wowza Streaming Engine

Learn about and find your way to articles about employing the many security options available for Wowza Streaming Engine™ media server software.

Security in Wowza Streaming Engine Manager


Wowza Streaming Engine Manager lets you control basic security for source and playback connections. For example, you can require encoders or cameras that connect to Wowza Streaming Engine to use authentication, and you can control which IP addresses can connect to Wowza Streaming Engine for both publishing and playback.

For more information, see the following articles:

SSL/TLS


SSL and TLS are security protocols for establishing secure network connections between two systems, for example, Wowza Streaming Engine and a video player.

The secure connection is established via what is commonly called the SSL/TLS handshake. During the handshake, information is exchanged between the server and client to confirm the authenticity of the server’s SSL/TLS certificate. If the server passes the test, an agreement is made regarding how the site content will be encrypted.

Note: The terms SSL and TLS are often used interchangeably. SSL was developed by Netscape in 1995. Due to security concerns, it received a much-needed makeover by the Internet Engineering Task Force (IETF) in 1999. The IETF standardized the protocol and changed the name from SSL to TLS.

For more information, see the following articles:

Digital rights management


Digital rights management (DRM) is a protection mechanism for securing streaming media. There are many third-party DRM technologies, such as Microsoft PlayReady and Verimatrix Video Content Authority System (VCAS).

For more information, see the following articles:

SecureToken playback protection


SecureToken is a challenge/response system that helps to protect content against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret). Wowza Streaming Engine 4.0 and Wowza Media Server software provide SecureToken playback protection for Flash RTMP streams. Wowza Streaming Engine 4.1 software extends SecureToken playback protection to all streaming protocols supported by the server and includes new hashing options for generating the security token that's exchanged between the server and clients. 

For more information, see the following articles:

Note: Some software can defeat the SecureToken security mechanism and record Flash content over RTMP. To protect your Flash content over RTMP, combine SecureToken with Wowza StreamLock AddOn, RTMPS, or RTMPE.

RTMP and RTSP authentication


RTMP and RTSP user name and password authentication is described in the following articles:

Wowza Streaming Engine Java API security options


The Wowza Streaming Engine Java API provides several methods for controlling access to RTMP, Adobe HDS, Apple HLS, and Smooth Streaming. When used with transport protection mechanisms such as Wowza StreamLock AddOn, SSL, HTTP, RTMPS, or RTMPE, they can provide a secure way to control access to streaming. The Java API can also be used to develop custom authentication systems.

For examples, see the following articles:

Stream name aliasing


Stream name aliasing is way to intercept and redirect content requests. Aliasing is another method that can be used to protect streaming media by controlling access to certain content based on user credentials.

For more information, see the following articles: