November 25, 2009
Question

Any known security best practices to follow for FMS deployment

Hi all,

We have recently deployed Flash Media Streaming server 3.5.2 and Flash Media Encoder on a Windows 2003 machine. Do you guys know of any security best practices to follow for the FMS server deployment on a Windows machine? Could you please point me to that resource?

    December 23, 2009

    Hi

    I will add some concepts. I am not sure how all of them work technically, but there should be enough here for you to dig deeper, and also a lot of this is relevant to your environment and how you want to deploy it.

    I have done a 28 server deployment, 4 origin and 24 edge servers.

    On all the edge servers, we disabled file and printer sharing in the TCP/IP properties. Basically this is a way in for hackers, and we disabled this only on the edge servers as these are the ones presented to the public.

    We also only allowed ports 1935, 80, 443 on our NICs. Protocol numbers are 6 and 17; this means that you are allowing UDP and TCP. So definitely test out your TCP/IP port filtering until you are comfortable that all your connection types are working and secure.

    Use RTMPE over RTMP, as it is there to be used and I am surprised more people don't use it. The problem, as with any other encryption protocol, is that it may cause higher overhead on resources of the servers holding the connections.

    You may want to look at SWF verification. In my understanding, it works as follows. You publish a SWF file on a website. This is a source code that your player uses for authentication. If you enable your edge servers to only listen for authentication requests from that SWF file, then hopefully you are really lessening the hijacking possibilities on your streams.

    If you are doing encoding via FME then I would suggest that you download the authentication plugin that is available on the Flash Media Encoder download site.

    There are other things you can look at to make it more secure, like adaptor.xml, using a front end load balancer, HTML domains, SWF domains, firewalls and DRM.

    I hope this helps you out.

    Roberto
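
Added example, not part of the original post and not Adobe tooling: one way to test the port filtering described in the reply above is to compare an edge server's `netstat -an` output with the 1935/80/443 allowlist. Ports 137-139 and 445 are the NetBIOS/SMB ports used by file and printer sharing. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Ports the reply allows on the edge servers' NICs.
ALLOWED_PORTS = {1935, 80, 443}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `netstat -an` output from a Windows edge server.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1935           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1111         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1935        198.51.100.7:50212     ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""

# proto, local address, local port, foreign address, optional state
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)")

def exposed_listeners(netstat_text, allowed=ALLOWED_PORTS):
    """Return sorted (proto, address, port) tuples for sockets bound to a
    network-facing address on a port outside the allowlist."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # TCP: only listening sockets count; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback, not reachable from the network
        if int(port) not in allowed:
            findings.add((proto, addr, int(port)))
    return sorted(findings, key=lambda f: (f[2], f[0], f[1]))

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} is open but not in the allowlist")
```

A listener flagged here may still be blocked by the NIC filter, but each one is a service that only the filter is protecting, so it is a candidate for disabling on the public-facing edge servers.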

    Asa_-_FMS
    Adobe Employee
    December 24, 2009

    Nicely said Roberto,

    Having built a few of the aforementioned features I'm happy to see someone advocating their use correctly.

    Asa