Remote maintenance of equipment involves a maintenance service provider having communications access to a customer's equipment for the purposes of receiving equipment alarms, diagnosing errors and faults on the equipment, and repairing or upgrading the equipment. But maintenance paths can also be hacked to provide unauthorized access to the equipment for nefarious purposes. Remote maintenance is common for telecommunications and computing equipment. Such equipment often contains sensitive information. Customers therefore have security concerns about keeping maintenance paths open to such equipment. Financial businesses and governments are especially sensitive to maintenance access points and their vulnerabilities to unauthorized access. Some customers will even forgo remote maintenance for the sake of security. There is therefore a need to balance the provision of access for maintenance purposes against security considerations.
The common practice for protecting maintenance access paths is to use logins and passwords. But repeated hacking may eventually discover the logins and passwords. Other authentication techniques involve controls such as privilege, time-of-day locks, and biometrics. Widely used access control technologies include firewalls and Demilitarized Zones (DMZs). Recently, challenge-and-response techniques that use secret keys (e.g., RSA SecurID®) have begun to be used. While more secure than logins and passwords, these techniques do not change the fact that a data path to the customer's equipment is being kept open, and hence is open to attack.