how to prevent hacking into my wifi

my device: Huawei R207-z
I see a device connected as " USB1 "   Mac Adress 02:0C:E7:0B:01:02  (cannot find any results if searched on web)
but not IP displayed
does anyone know what can USB1 be?
if it is a hacker....how can I secure it?

I wish to restrict devices by Mac
Christo HuyserAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
MAC address can be spoofed so it is not 100% assurance that you are allowing legit machine to connect. in fact, first thing is to make sure you change the default password for the admin login. Use a strong passphrase. Make sure you use minimally "WPA2-PSK" which is the default and ensure the PSK is of strong passphrase too. Actually there are means to crack it, e.g. KRACK attack. Nonetheless, you should make sure all your devices are updated, and you should also update the firmware of your router. Makes sure the password is not default as mentioned earlier ...

as for the MAC setting, not sure if your model has such setting but most Huawei wifi modem router should support it
  1. Connect the device to your laptop or computer via USB cable or Wi-Fi connection.
  2. Launch a web browser and in the address bar, enter 192.168.1.1, then click the arrow icon or press Enter.
  3. Click Settings.
  4. Enter the required username and password, then click Log In.
  5. Note: The default username and password is admin.
  6. Click the WLAN dropdown.
  7. Click WLAN MAC Filter.
  8. Click the WLAN MAC Filter dropdown.
  9. Select the desired filter mode (e.g. Allow).
  10. Click on an empty MAC Address field.
  11. Enter the MAC address of the device you want to add.
  12. To remove a device from the MAC filtering list, delete the required address from the MAC Address field.
  13. Click Apply. The MAC filtering has been enabled.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dr. KlahnPrincipal Software EngineerCommented:
btan is quite correct.  MAC address restriction is no security.  All an intruder has to do is wait until an authorized MAC drops off the network, and then he's back in.  If there is an intruder, he already knows all the MAC addresses of the devices on your network.

How I'd proceed in this situation:

1.  Disable WiFi Protected Setup at the router.  It has holes and is an easy attack point.  WPS must be disabled or you have no security at all.

https://null-byte.wonderhowto.com/how-to/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/

2.  Generate a good long passphrase of random characters, at least 16 characters long.  32 would be preferable; you're only going to type it in once at each device.  Change the WPA passphrase at both the router and your devices, then see if the device falls off the network.  

https://passwordsgenerator.net/

If the device falls off the net, you (a) have an intruder who must now crack the passphrase again, or (b) one of your kids will shortly be complaining that their (whatever) can't get on the network, or (c) one of your "smart home" devices will stop working.

If it remains, it's a device on your network.  Unplug each device until the MAC goes away, and you've found the issue.

I must admit that it seems likely that this is an intruder, given that this is a MAC address from an unassigned block.
0
JohnBusiness Consultant (Owner)Commented:
I have a similar HUAWEI device and I have had it for a couple of years. I have a strong Wi-Fi password as noted above and no one hacks into it. Never happened. I do not pay attention to MAC addresses because they are so easily changed and spoofed.
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

btanExec ConsultantCommented:
Taking a look at the MAC, e.g. 02:0C:E7:0B:01:02

The first 3 Octet (02:0C:E7) is the organisation
- 02: A locally administered address is assigned to a device by a network administrator, overriding the burned-in address.
- 00:0C:E7: Vendor: Mediatek MediaTek Inc.

...the remaining 3 Octets (0B:01:02) are NIC specific values which may not significant as it would be designated by the provider...
0
Dr. KlahnPrincipal Software EngineerCommented:
How did you dig that info out, btan?  The sites I consulted show it unassigned.

https://www.macvendorlookup.com/
https://www.wireshark.org/tools/oui-lookup.html
https://macvendors.com/
0
Nick JamesonIT AdminCommented:
you can change your SSID (the name of your network), hide it through the router's admin page;
enable mac filtering as metioned above (use white list);
use strong password (simple passwords can be easily broken by brute-force attacks);
and don't forget to disable WDS on the router, because it giving an additional opportunity for the hackers to crack your network
0
Christo HuyserAuthor Commented:
Wow thanks to all.
Im not very inteligrnt in this but my observations and these guides are very senseful... Some I already done while waiting for answers.

ill go through the guides and comment back..as at the moment I don't have the opertunity to do it
thanks again yo all
0
btanExec ConsultantCommented:
@Klahn, I was referencing wiki on MAC addressing (https://en.m.wikipedia.org/wiki/MAC_address) which shows the definition and that got the first 3 octets. The latter is defined in https://hwaddress.com/oui-iab/00-0C-E7

Agree with experts to disable WPS and WDS if the WIFI router support it. One easily being breach due to default common secret generated and the other allows bridging to other device which is not necessary for personal use..
0
Samuel K.Commented:
Most of options that are good in securing your wifi has been outlined above. Just want to list them down and a critical VLAN option that i consider in any of my network

-Hide SSID.
-Use Mac filtering
-Use IP Binding despite using DHCP.
-Setup VLAN on your small network to segragate network according to access you need to give to different users. You can separate Wifi users, Management vlan and rest according.
0
btanExec ConsultantCommented:
For author advice.
0
btanExec ConsultantCommented:
For consideration.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.