Pages

May 17, 2021

Secure your account in 3 easy steps

WMSPanel cloud control panel provides extended control over your Nimble Streamer server instances. Softvelum customers utilize Nimble extensively to build their media delivery networks and streaming infrastructure, and they use WMSPanel to perform the setup easily via both web UI and API.

Web services have a lot of upside like convenience of operations. However there is a downside to it as well: if you compromise your account credentials, an abuser may take control over your assets and do significant damage.

Besides evil intentions, people just make mistakes sometimes, so you need to improve your account security to avoid them.

Here are some general practices which we highly recommend for all of WMSPanel accounts and users to improve security and robustness of your account.


1. Users management: admins vs. non-admins


First, let's check what you can do on a company account and user level.

There are two types of users in WMSPanel: admins and non-admins.

Admins can do the following.

  • Install servers and register them in WMSPanel.
  • Add and change all Nimble Streamer settings on all servers.
  • View all stats for all servers.
  • Enable and disable statistical metrics.
  • Create and change subscriptions and view invoices.
  • Add, change and remove users.
  • Track users' activities log.
When you create an account in WMSPanel, your login becomes an admin user.

Non-admins cannot do much unless you allow them to:

  • They only view the stats in the data slices where they are assigned by admins.
  • Admins can grant non-admins specific permissions for specific servers, e.g. change live streaming settings only on a designated Nimble Streamer server instance. This article explains how it works.
  • Admins may also assign a group of non-admins to control a separate group of servers using data slices. This article describes the approach and its setup.

As you can see, there is no need to make some people the admin users while you can make them non-admins and grant only some limited permissions.

The rule of thumb is: don't grant too many permissions unless you really need to do that.


2. Two-factor authentication: a must-have


Being a user with WMSPanel login, you have to make sure your credentials are not exposed to anyone else. Doesn't matter if you are a full-scale admin or a non-admin who wants to view stats. However, if your credentials are obtained by malware or as a result of some sophisticated targeted attack, you need the second line of defense.

So you must enable two-factor authentication for your WMSPanel user. This is a modern de-facto standard for operations on the Internet so you must be familiar with it. So read this article to learn more about enabling 2FA.

Or just go to Settings menu, open Security tab and follow the instructions there.


3. Nimble config cloud backups: "undoing" mistakes


If you use a Nimble Streamer instance, one of your most valuable assets is its streaming settings. This is what you do as a streaming infrastructure architect and engineer: set up Nimble, test it with your source streams or files, launch it in products and make changes to those settings if necessary.

However, people make mistakes. Whatever you do to secure the users, those users can accidentally remove a server, erase some setting or make some experiment which would ruin the setup. You need to be able to overturn events like that.

We created Cloud backups of Nimble Streamer configuration to cover this use case. It allows making both manual and automated "snapshots" of server instance configuration which is then stored in WMSPanel cloud infrastructure. The key feature is that those backups cannot be erased or changed by any end user - admin or non-admin. When the backup is set and enabled for a specific server, those backups will allow restoring the state of settings of that server.

Cloud backups cost just 1 USD per month per backup.


These are simple rules to make your WMSPanel experience more secure and reliable.

Let us know if you have any questions.


No comments:

Post a Comment

If you face any specific issue or want to ask some question to our team,
PLEASE USE OUR HELPDESK

This will give much faster and precise response.
Thank you.

Note: Only a member of this blog may post a comment.