Applies To: Windows Server 2008, Windows Server 2008 R2
Access to the streaming media system by unauthorized persons, either by accident or design, can seriously damage the content and the system. Some content may not have intrinsic value but may contain sensitive information or images that must be protected against theft. Locked doors and network firewalls may not be enough to keep out a determined intruder.
The security of your streaming media system and content is dependent upon two things: the physical security of the system hardware and storage and the virtual security of your network. The level of value and sensitivity you place on your content will best determine the amount of effort and expense you must undertake to secure it.
Physical security. All critical streaming media storage and hardware components should be housed in a room that has been dedicated to that purpose. Access to the room should be restricted to persons directly associated with the operation of the streaming media system. The viability of additional access and monitoring measures such as card key readers, combination locks, alarm systems, and closed circuit video depend on the value of your data and your overall security strategy.
Network security. Network security is a multifaceted subject consisting of several different methods and levels of complexity. While many of the general principles of network security are shared across all networking platforms, the specifics of implementing a network security strategy will vary according to the equipment and software used. Consult your network documentation or administrator for specific information about the correct implementation of the following network security measures:
Authentication. Authentication is the process of verifying the credentials of the person requesting access. This process usually involves giving a log in name and password.
Authorization. After the requester's identity has been established, it must meet certain criteria before the requester can gain access to the restricted content. The criteria can be set in several different ways based on whether you are authorizing individual users, groups of users, or excluding specific users.
Permissions. Each user that is granted access to the system will have a specific set of permissions which allow the user to perform certain functions and may prohibit the user from performing others. For example, a user with read-only access to the system may be able to copy content to another location, but cannot add, change, or delete content.
Firewalls. Firewalls protect the network from outside intrusion by restricting network access to specific, closely-monitored ports. The firewall can also restrict the type of information that can pass through the ports. Firewalls are typically used to separate a proprietary network from the Internet, but they can also be used to provide a heightened level of security within a network.
You should understand that as you place more security precautions on an area of your network, the transfer of data across the network becomes more difficult to manage. Choose a network security strategy for your content that provides an adequate level of administrative access while effectively blocking users that do not have the proper authorization.