Learn about and find your way to articles about employing the many security options available for Wowza Streaming Engine™ media server software.
Security in Wowza Streaming Engine Manager
Wowza Streaming Engine Manager lets you control basic security for source and playback connections. For example, you can require encoders or cameras that connect to Wowza Streaming Engine to use authentication, and you can control which IP addresses can connect to Wowza Streaming Engine for both publishing and playback.
For more information, see the following article:
SSL/TLS
SSL and TLS are security protocols for establishing secure network connections between two systems, for example, Wowza Streaming Engine and a video player.
The secure connection is established via what is commonly called the SSL/TLS handshake. During the handshake, information is exchanged between the server and client to confirm the authenticity of the server’s SSL/TLS certificate. If the server passes the test, an agreement is made regarding how the site content will be encrypted.
Note: The terms SSL and TLS are often used interchangeably. SSL was developed by Netscape in 1995. Due to security concerns, it received a much-needed makeover by the Internet Engineering Task Force (IETF) in 1999. The IETF standardized the protocol and changed the name from SSL to TLS.
For more information, see the following articles:
- Understanding SSL/TLS
- Get SSL/TLS certificates from the Wowza Streaming Engine StreamLock service
- Request an SSL certificate for Wowza Streaming Engine from a certificate authority
- Import an existing SSL certificate and private key for Wowza Streaming Engine
- Create a self-signed SSL certificate for Wowza Streaming Engine
- Troubleshoot SSL certificate configuration for Wowza Streaming Engine
Digital rights management
Digital rights management (DRM) is a protection mechanism for securing streaming media. There are many third-party DRM technologies, such as Microsoft PlayReady and Verimatrix Video Content Authority System (VCAS).
For more information, see the following articles:
- Wowza DRM overview
- Use BuyDRM KeyOS DRM with Wowza Streaming Engine
- Use EZDRM PlayReady DRM with Wowza Streaming Engine
- Use Verimatrix VCAS DRM with Wowza Streaming Engine
- Set up castLabs DRMtoday secure video delivery in Wowza Streaming Engine
- Secure Apple HLS streaming using DRM encryption with Wowza Streaming Engine
- Secure Apple HLS with AES-128 external encryption in Wowza Streaming Engine
- Test AES encryption for Apple HLS streams from Wowza Streaming Engine
- Decrypt PlayReady-encrypted VOD content using the Wowza Streaming Engine Java API
- Secure MPEG-DASH streams using Common Encryption in Wowza Streaming Engine
SecureToken playback protection
SecureToken is a challenge/response system that helps to protect content against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret). SecureToken playback protection works with all streaming protocols supported by Wowza Streaming Engine.
For more information, see the following article:
RTMP and RTSP authentication
RTMP and RTSP user name and password authentication is described in the following articles:
- Enable username/password authentication for RTMP/RTSP publishing to Wowza Streaming Engine
- Publish securely from an RTMP encoder that does not support authentication with a Wowza Streaming Engine Java module
- Integrate Wowza Streaming Engine user authentication with external systems using a Wowza Streaming Engine Java module
- Use per-application password files in Wowza Streaming Engine
- Do file-based RTMP authentication with NetConnection connect using a Wowza Streaming Engine Java module
- Do file-based RTMP authentication with URL query strings using a Wowza Streaming Engine Java module
Wowza Streaming Engine Java API security options
The Wowza Streaming Engine Java API provides several methods for controlling access to streams. When used with transport protection mechanisms such as Wowza StreamLock AddOn, SSL, HTTP, RTMPS, or RTMPE, they can provide a secure way to control access to streaming. The Java API can also be used to develop custom authentication systems.
For examples, see the following articles:
- Control access to HTTP streams with the Wowza Streaming Engine Java API
- Control access to RTSP/RTP streams with the Wowza Streaming Engine Java API
- Control access to Apple HLS streaming with the Wowza Streaming Engine Java API
- Override publish to remap a stream name with the Wowza Streaming Engine Java API
- Modify or control a stream by overriding playback with the Wowza Streaming Engine Java API
Stream name aliasing
Stream name aliasing is way to intercept and redirect content requests. Aliasing is another method that can be used to protect streaming media by controlling access to certain content based on user credentials.
For more information, see the following articles:
