Skip to content

Latest commit

 

History

History
137 lines (100 loc) · 9.99 KB

mitigations.md

File metadata and controls

137 lines (100 loc) · 9.99 KB

Mitigation Strategies Analysis for arut/nginx-rtmp-module

Mitigation Strategy: Implement Authentication for Publishing

Description:

  • Step 1: Choose an authentication method supported by nginx-rtmp-module, primarily HTTP callback authentication using the on_publish directive.
  • Step 2: Configure the on_publish directive within the rtmp block and specific application blocks in your Nginx configuration. Specify the URL of your authentication backend service.
  • Step 3: Ensure your authentication backend service is implemented to receive HTTP POST requests from nginx-rtmp-module when a client attempts to publish.
  • Step 4: The backend service should validate publisher credentials and return an HTTP 200 OK to allow publishing or a 403 Forbidden to deny it.
  • Step 5: Utilize allow publish and deny publish directives in conjunction with on_publish for more granular access control based on IP addresses or network ranges if needed.

Threats Mitigated:

  • Unauthorized Stream Publishing - Severity: High
  • Content Spoofing - Severity: Medium to High
  • Resource Abuse - Severity: Medium

Impact:

  • Unauthorized Stream Publishing: High Risk Reduction
  • Content Spoofing: Medium to High Risk Reduction
  • Resource Abuse: Medium Risk Reduction

Currently Implemented: Partial - Basic HTTP callback authentication is configured for the main application using on_publish, but it's not consistently applied across all applications and stream types.

Missing Implementation: Consistent and robust authentication for publishing across all applications and stream types using on_publish. Strengthening the authentication backend and ensuring it's correctly integrated with nginx-rtmp-module configuration.

Mitigation Strategy: Implement Authentication for Playing

Description:

  • Step 1: Choose HTTP callback authentication using the on_play directive, as it's the primary method supported by nginx-rtmp-module for playback authentication.
  • Step 2: Configure the on_play directive within the rtmp block and specific application blocks in your Nginx configuration. Specify the URL of your authentication backend service for playback.
  • Step 3: Implement your authentication backend service to handle HTTP POST requests from nginx-rtmp-module when a client attempts to play a stream.
  • Step 4: The backend service should validate viewer credentials and stream access permissions, returning HTTP 200 OK to allow playback or 403 Forbidden to deny it.
  • Step 5: Use allow play and deny play directives alongside on_play for IP-based access control if required.

Threats Mitigated:

  • Unauthorized Stream Access - Severity: High
  • Data Breaches (Content Leakage) - Severity: High
  • Resource Abuse (Playback Bandwidth) - Severity: Medium

Impact:

  • Unauthorized Stream Access: High Risk Reduction
  • Data Breaches (Content Leakage): High Risk Reduction
  • Resource Abuse (Playback Bandwidth): Medium Risk Reduction

Currently Implemented: No - Stream playback is currently publicly accessible without authentication using on_play or any other nginx-rtmp-module authentication feature.

Missing Implementation: Implementing authentication for stream playback across all applications and stream types using on_play. Developing and deploying an authentication backend for playback and configuring nginx-rtmp-module with the on_play directive.

Mitigation Strategy: Limit Concurrent Connections

Description:

  • Step 1: Define acceptable limits for concurrent connections to your RTMP applications.
  • Step 2: Configure Nginx's limit_conn_zone directive in the http block to create a shared memory zone for tracking connection counts, often based on IP addresses.
  • Step 3: Apply the limit_conn directive within the rtmp block or specific application blocks to enforce connection limits for RTMP connections. This directly impacts nginx-rtmp-module connections.
  • Step 4: Customize the error response for connection limit violations as needed.

Threats Mitigated:

  • Connection Flooding DoS - Severity: High
  • Resource Exhaustion (Connection Limits) - Severity: Medium

Impact:

  • Connection Flooding DoS: High Risk Reduction
  • Resource Exhaustion (Connection Limits): Medium Risk Reduction

Currently Implemented: Yes - Basic connection limits are configured at the HTTP level using limit_conn, but not specifically tuned or applied within the rtmp context or application blocks for nginx-rtmp-module.

Missing Implementation: Fine-grained connection limits specifically tailored for RTMP applications by applying limit_conn within the rtmp block or application blocks. Potentially separate limits for publishing and playing within RTMP applications.

Mitigation Strategy: Rate Limiting Publishing and Playing

Description:

  • Step 1: Determine appropriate request rate limits for publishing and playing streams to prevent abuse.
  • Step 2: Configure Nginx's limit_req_zone directive in the http block to set up shared memory zones for tracking request rates, typically based on IP addresses.
  • Step 3: Use the limit_req directive within the rtmp block or application blocks to enforce rate limits on RTMP requests. This can help control the rate of publish and play requests handled by nginx-rtmp-module.
  • Step 4: Customize the error response for rate limit violations.

Threats Mitigated:

  • Request Flooding DoS - Severity: High
  • Brute-Force Attacks (Publishing/Playing Credentials) - Severity: Medium
  • Resource Exhaustion (Request Processing) - Severity: Medium

Impact:

  • Request Flooding DoS: High Risk Reduction
  • Brute-Force Attacks (Publishing/Playing Credentials): Medium Risk Reduction
  • Resource Exhaustion (Request Processing): Medium Risk Reduction

Currently Implemented: No - Rate limiting is not currently implemented for publishing or playing streams specifically within the rtmp context.

Missing Implementation: Implementing rate limiting for both publishing and playing streams by configuring limit_req_zone and limit_req directives within the rtmp block or application blocks to directly affect nginx-rtmp-module request handling.

Mitigation Strategy: Resource Limits for Streams (using Timeouts)

Description:

  • Step 1: Utilize nginx-rtmp-module's timeout directives to limit resource consumption related to stream and session durations. Focus on:
    • rtmp_idle_stream_timeout: Configure a timeout to automatically close idle streams that are not actively publishing or playing data.
    • rtmp_session_timeout: Set a maximum session timeout to limit the duration of RTMP sessions, regardless of stream activity.
    • rtmp_auto_push_timeout: If using auto-pushing, configure a timeout for auto-push connections.
  • Step 2: Set appropriate timeout values based on your expected stream durations and application requirements. Shorter timeouts can help reclaim resources more quickly.
  • Step 3: Monitor the impact of timeout configurations on legitimate stream usage and adjust as needed.

Threats Mitigated:

  • Resource Exhaustion (Stream-Specific) - Severity: Medium
  • Long-Running Connection DoS - Severity: Medium
  • Unfair Resource Allocation - Severity: Low to Medium

Impact:

  • Resource Exhaustion (Stream-Specific): Medium Risk Reduction
  • Long-Running Connection DoS: Medium Risk Reduction
  • Unfair Resource Allocation: Low to Medium Risk Reduction

Currently Implemented: Yes - Default nginx-rtmp-module timeout configurations are likely in place, but they haven't been specifically tuned for optimal resource management or security.

Missing Implementation: Reviewing and optimizing nginx-rtmp-module's rtmp_idle_stream_timeout, rtmp_session_timeout, and rtmp_auto_push_timeout directives. Tuning these timeouts to proactively limit resource consumption from idle or long-running streams and sessions.

Mitigation Strategy: Connection Timeout Configuration (RTMP Specific)

Description:

  • Step 1: Focus on configuring nginx-rtmp-module specific timeout directives to control connection behavior:
    • rtmp_session_timeout: As mentioned above, this limits the overall session duration.
    • Potentially consider Nginx core timeouts like client_header_timeout and client_body_timeout if they are relevant to the initial RTMP handshake or connection setup phases (though less directly nginx-rtmp-module specific, they can still impact RTMP connections).
  • Step 2: Set appropriate values for rtmp_session_timeout to prevent sessions from lingering indefinitely, especially if clients become unresponsive or malicious.
  • Step 3: Test timeout configurations to ensure they don't prematurely disconnect legitimate clients under normal network conditions.

Threats Mitigated:

  • Slowloris DoS Attacks - Severity: Medium (Indirectly, by limiting session duration).
  • Hung Connection DoS - Severity: Medium
  • Resource Exhaustion (Connection State) - Severity: Medium

Impact:

  • Slowloris DoS Attacks: Medium Risk Reduction (Indirectly helps by limiting session lifespan).
  • Hung Connection DoS: Medium Risk Reduction
  • Resource Exhaustion (Connection State): Medium Risk Reduction

Currently Implemented: Yes - Default Nginx and nginx-rtmp-module timeout configurations are active, but likely not optimized for security in the RTMP context.

Missing Implementation: Specifically reviewing and tuning rtmp_session_timeout to enhance resilience against hung connections and DoS attempts. Considering the impact of Nginx core timeouts on RTMP connection establishment and adjusting if necessary.