Please enable JavaScript to view this site.

DW Spectrum User Manual

Navigation: » No topics above this level «

Using Encryption for System Security

 Scroll Prev Top Next More

DW Spectrum provides HTTPS encryption for client-server data exchange and, separately, for RTSP video traffic streams.

HyperText Transfer Protocol (HTTP) is a universally agreed upon convention for network information exchange that is easy to intercept and read. HyperText Transfer Protocol Secure (HTTPS) is a safer connection that includes encryption to protect the information exchanged over networks. The encryption is performed using a Secure Sockets Layer (SSL) or TLS (Transport Layer Security) certificate. When an SSL/TLS certificate is issued it means the sending and receiving websites have been authenticated, and a secure connection has been established between the web server and the browser that connects to it. When you have a secure connection, the website's URL is prefixed with "https" instead of "http," and a padlock icon will display on the address bar.

By default, DW Spectrum encryption is disabled. Without encryption, API requests and the server web administration interface can be intercepted and analyzed, and video streams (live and playback) can be intercepted and viewed.

The Allow only secure connections checkbox forces all servers in the System to accept only secure HTTPS connections. When it is enabled, you have the option to also force video traffic encryption.

The Encrypt video traffic checkbox applies encryption to RTSP/S format, HLS format, and requests that start with a /media prefix. Note that encrypted video transfer requires intensive CPU processing, so overall system performance can be severely impacted, particularly on smaller or weaker hardware such as ARM devices.

! Important! Due to self-signed certificates, explicit HTTP integrations, or other configuration settings, all integrations configured to work with HTTP need to be tested, and may need to be updated for compatibility with this feature. For example, you will need to disable HTTPS support in order to merge a secured System with one that does only supports HTTP. Similarly, some third-party products may not support RTSPS and may therefore cause integration issues.

To enable HTTPS encrypted client-server connections

1.Open Main Menu –> System Administration (shortcut Ctrl+Alt+A).

2.In the General tab, check the Allow only secure connections checkbox.

3.Once HTTPS is enabled, the first time you attempt to log onto a server's web page, the browser may first display warnings that indicate a bad certificate and insecure connection ("Your connection is not private. Attackers might be trying to steal your information..."). This is not the case. The warning is a safety feature due to a self-signed certificate on the server, the connection will in fact be more secure.

4.To proceed using an HTTPS connection, click on the word Advanced, then click the Proceed to [xxx.x.x.x] (unsafe) link to log in. You should only need to do this the first time the HTTPS connection is established.

note Note Although it may have a line through it, as long as https is displayed in the address bar, the connection is secure.

To enable RTSPS encrypted video traffic

1.Open Main Menu –> System Administration (shortcut Ctrl+Alt+A).

2.In the General tab, check the Encrypt video traffic checkbox.

! Important! Encrypting video traffic will significantly increase CPU and bandwidth usage because data packets must be encrypted by the server and decrypted by the client.