Help with unsecured network safety.

I need help with unsecured network safety.

I tried searching for a tutorial but I guess I am blind today, or may be not enough sleep. Not much luck or using the wrong words.

The problem****

At work we have 2 networks. The work one is wap2 and we are allowed to connect to only a few work related sites.

There is also a second network for personal use. Until this week it was password protected too. Owners have made the personal one open to the public, it is broadcasting, and it is not secured any more. Anyone can access it including clients and strangers.
Changing the router settings is NOT a possibility.
What can we "safely" do on this "hotspot"?

There are several different scenarios.

1---- My "play computer" lives at the office and is connected BY ETHERNET to the unsecured network. Using avg free and malwarebytes. Some of the senior staff and owners use this computer too, on their own user account in windows.
I use it in windows and in ubuntu, but the others are not allowed on my ubuntu side.
Would accessing e-mail etc be safe in windows, via ethernet, on the unsecured network? Credit card purchases? Credit card purchases, from ubuntu side?
I would be willing to install easy software to try to make it safer. Free would be better but I am willing to pay. I have no clue what I should use or do. I have avoided open networks like the plague in the past. No experience with them.

2----- I have another play computer that the staff uses to do netflix or access their schoolwork when we are slow. This one is connecting to the unsecured network WIRELESSLY. It lives at the office also. (using MSE and malwarebytes). Several of them are taking college classes by internet, that are work related. We encourage this. What can the kids safely access? Any software solutions would have to be VERY simple or automatic. They are not "computer techies". I am willing to pay a small amount to help them here too. In general we do not save much personal info in this computer since it is shared. They would be imputing email passwords and school account info though, just not saving stuff.

3----- Staff brings their own computers from home and connect to the unsecured network.
How much are they compromising their main personal computers? I know they want to use e-mail, do school work. I will not be willing to pay for software solutions here. Too many of them.

Thanks in advance for any help or links to tutorials

 

1. Computer that is connected by Ethernet cable to the router is secure in a sense that no personal information can be gathered over-the-air but you have to make sure that there are no shared folders etc. There could be accessed by wireless clients including people from outside

2. All e-mail passwords and other passwords/logins and data can be gathered. It's reasonably easy and when it comes to e-mail it's very easy (unless SSL is used which may be the case with some users and may not be with others- that's something you can't do anything about)

3. Similar case as above- email credentials and other login/passwords information as well as some shared folders (depending on an OS an config these may or may not require additional authentication) are at risk.

Unfortunately there's nothing that can be done about it- using SSL and disabling shared folders and so on may help a bit but you can't always do that- sometimes because of the lack of knowledge of end-users and sometimes because not all services/websites support SSL.

If there is such an option present on the router/AP make sure that wireless isolation is enabled (wireless client won't be able to access any shared folders though, this may also affect shared printers).

Another option is to switch the security back on and print a banner with a paraphrase and pin it somewhere. It's safer to use a connection where your data is encrypted even when everybody knows the password because data is still encrypted and because Pairwise Transient Key is generated based on the paraphrase while not being the paraphrase itself. That means that while you all type in the same paraphrase each of you ends up with a different cryptographic key that protects the data- meaning other wireless client can't eavesdrop on you even if he knows the paraphrase and is connected to the same router.

I hope I haven't made this overly complicated but it's late over here

 

Whenever I travel, I frequently have to deal with unsecured networks. In those instances, I use HotSpotVPN, which encrypts all your traffic as if you were using a secure connection. It works on both wired and wireless setups. It costs money, but the peace of mind it provides is worth it. I'm typically gone three days on an average of once every 4-8 weeks, so the 3-day pass option is great. For your purpose, you can buy an annual subscription.

 

Thank you for the answers. Looks like I won't need to worry about my own computer, but I will look into some VPN solutions for the staff play computer. Did you get reasonable speed with hotspotVPN or does it really slow things down? Is there a data download limit?

 

HotSpotVPN is more like a proxy where you're using your existing Internet connection but routing through their server(s). I don't believe there's any data limit, but you'd have to ask them to be sure. Any speed issues I had were related to the network to which I was connecting (eg hotel or coffee shop WiFi), not HotSpot itself.

Good luck with whatever you decide to do.