A VPN is helpful but it doesn't protect against a phishing captive portal, nor an attack against your machine coming from the LAN. To cover all bases you can bypass the captive portal by spoofing the MAC address of another machine on the network. For everything else keep your firewall set to block all incoming connections and make sure everything - especially the OS and browser - are updated to the latest version.