I know WEP is the most insecure Wifi network and I would never be using it on my own network. I'm not a network expert but my understanding vaguely is that whoever controls that network can view whatever people are accessing directly via unencrypted web pages.
I have to stay in a hotel/club once a month and the only Wifi they have there is WEP, I really don't want to be without internet whenever I'm there - so could anyone explain what the risks are of using this network, and what I can do to protect myself while using this network?
Since it is easy to impersonate the WEP access point (or maybe it doesn't even provide client separation), you should protect yourself against both passive decryption and adjacent network attacks. Typical client OS are not suited to be used in untrusted networks, and relying e.g. on the correct assignment of Windows firewall profiles is prone to human error.
Therefore, take an intermediate wifi router with you that establishes a certificate based VPN via the insecure AP, firewalls against it, and provides either a secure wifi or ethernet connectivity to your clients. There is a huge variety of devices and software to build such a solution, powered via USB or LiPo batteries TP-Link mobile routers, Raspberry Pi, Banana Pi, OpenWRT, DD-WRT, IPFire, plain Linux etc.
I might be missing something here but I don't see any reason why a hardware VPN solution is needed. Just subscribe to one of the many software VPN services that exist, typically for a couple of pounds a month, and connect to it immediately upon connecting through the WEP wifi. Your traffic is then safe.
Alternatively some higher end home routers e.g. Drayteks give you an option to configure VPN so your traffic is routed via your hopefully secure home broadband connection. A bit more involved technically but the ongoing cost is nil.
Either of these solutions, properly implemented, should protect you whilst on the wifi in question. When I was on the road a lot I also used to keep a throwaway Linux partition on my laptop purely for connecting to questionable wifi purely on the basis that if anybody was looking to exploit people connecting to the wifi they would typically be looking for Windows clients to compromise.
Thank you for your replies to this.
I was thinking more along the lines of anything I can do to my computer to secure it on this network, what are all the security recommendations?
I have the firewall on, and changed the DNS to OpenDNS. Anything else on the checklist?
Using a VPN provider is a good option, after I use that am I totally secure on this network?
Let me understand what the risks are being connected to this network, is the only risk that someone else on the network may be able to view my internet activity? Or does being connected to this network allow an attacker ways to access my computer or infect me? Or what else do I need to be concerned about on this network?
I was thinking more along the lines of anything I can do to my computer to secure it on this network, what are all the security recommendations?
A few things that you should be thinking about, assuming Windows, are a fully patched OS and key apps/runtimes e.g. Office/browser/plugins up to date, regular AV/malware scanning, and logging in as a standard i.e. non-admin user. Using 2FA and complex discrete passwords and storing them in LastPass or similar will mitigate risks of credential theft too.
Using a VPN provider is a good option, after I use that am I totally secure on this network?
The only way you would get total security from this network is to not connect to it. A VPN in conjunction with the above is a decent start though. It's like the old joke one caveman says to the other "you'll never outrun that tiger!" "I don't need to outrun that tiger, just you". If you implement the above properly you make yourself more difficult to exploit so chances are you won't be as there are plenty of easier targets out there.
Let me understand what the risks are being connected to this network, is the only risk that someone else on the network may be able to view my internet activity? Or does being connected to this network allow an attacker ways to access my computer or infect me? Or what else do I need to be concerned about on this network?
Your main risks will always be interference with your laptop and somebody intercepting your traffic for malicious ends - of which there are too many to list here. Another slightly less obvious risk that would be in my mind, if this connection is pretty insecure and widely used there's a chance that somebody else will connect to it at some point and exchange indecent material or material related to extreme criminality etc. In that situation, the authorities potentially would be interested in anybody that has used the connection to rule them out. In our line of work that is not a situation you would want to be in, no matter how innocent you are. It takes time to prove innocence, especially as your traffic would be obfuscated through the VPN usage, and you might find yourself without a laptop for several months. And maybe without a job or on filing duties for a while…
Great responses by Redcat. I've actually switched hotels due to lack of wpa2 encryption.
The software / subscription based VPN is an excellent recommendation. Wep is terribly insecure and very easy to crack. I'm a lecturer for CEH and CHFI and I usually set up a an wep test network for my students to crack.
Using aircrack it takes 10 mins or less with minimal users on the network.