Having issues using one of our services? Look at some of the guides below.
Note: All data in this document is public information; nothing in this document is commercially sensitive.
This guide will help you get access to our Insight SFTP server, sftp.confused.com, so you can pull your data files. Some of our partners may encounter issues when trying to access these data, and more often than not this is due to Network Security Policies that have been applied at both the client (you) and the server (us). These policies are necessary to protect you as the consumer of your data and also to protect the individuals whom these data denote.
Each of you will have a different bespoke network configuration, so this document uses our systems as an example case study.
Where appropriate, external links have been provided to help you understand some of the technical terms used in this document.
You will need to give us the public IPv4 addresses for your development environment and production environment. Before cloud computing this was simple, as many of you had on-premise corporate [proxy servers](https://www.varonis.com/blog/what-is-a-proxy-server) and physical data center providers.
Then the Cloud came along to meet the increased demand for financial technology, but in turn added complexity to our systems.
Insight Services is based in Cardiff, but if we look up our IP using the free service whatismyipaddress.com it shows that we are in London. This is actually our VPN provider, who uses a large pool of IPs that can change as demand increases.
This is not helpful when we want to secure cloud assets or access a partner's system that needs us to have a fixed IP, so in these cases we use a proxy server to route our Internet traffic for specific domains through fixed IP addresses. The example below shows how we have explicitly routed one of our service providers, our paid-for IP Geolocation API, through the fixed IP in our Dublin data center. This then allows us to use the IP restriction features in this service.
So why do we bother with London at all? Why not route all traffic via our Dublin and Amsterdam assets? Well we like to keep our operational costs as low as possible without compromising our services to you.
In production we don't have a proxy server. Instead we route all outbound network traffic through a firewall, and our firewall has a fixed IP. While we do get the benefits of a fixed IP, the primary purpose is to apply controls on what traffic we allow out, to prevent unwanted egress resulting from vulnerabilities. Examples include XXE and Log4J exploits, whereby an attacker can use vulnerabilities in your systems to send data out of your environment and into theirs.
Once you have worked with your network engineers and gained a basic understanding of how your network architecture is configured, we need you to give us your IPs as single IP entries, a range or a CIDR.
Examples include:
Single '147.161.143.104','147.161.143.104','147.161.143.105','147.161.143.106'
Range '147.161.143.104-147.161.143.107'
CIDR '147.161.143.104/30'
Ideally you will give us no more than 4 IPs for your office VPN and no more than 4 IPs for your production and test environments.
We can accommodate far more, but if you find that you are giving us ranges that cover your entire network, this indicates that you have a very large attack surface and that you are susceptible to some of the egress attacks we have discussed above.
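Before sending your list, you can normalise it yourself. The following is an added example, not part of our tooling: it parses the three entry forms shown above with Python's standard `ipaddress` module, collapses them to minimal CIDRs, and flags non-public ranges or lists larger than the 4-address guideline. The function names and the per-list application of the limit are assumptions made for illustration.

```python
import ipaddress

MAX_ADDRESSES = 4  # per-environment guideline from this guide


def parse_entry(entry):
    """Turn one submitted entry (single IP, range or CIDR) into IPv4 networks."""
    entry = entry.strip().strip("'")
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range is reversed: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects a CIDR with host bits set, e.g. 147.161.143.105/30
    return [ipaddress.IPv4Network(entry, strict=True)]


def review_submission(entries):
    """Collapse all entries to minimal CIDRs and list reasons to query them."""
    nets = [n for e in entries for n in parse_entry(e)]
    cidrs = list(ipaddress.collapse_addresses(nets))
    total = sum(n.num_addresses for n in cidrs)
    problems = []
    for n in cidrs:
        # Private, loopback, CGNAT and similar ranges are not public addresses
        if not (n.network_address.is_global and n.broadcast_address.is_global):
            problems.append(f"{n} is not a public IPv4 range")
    if total > MAX_ADDRESSES:
        problems.append(f"{total} addresses submitted, guideline is {MAX_ADDRESSES}")
    return {"cidrs": [str(n) for n in cidrs], "total": total, "problems": problems}


if __name__ == "__main__":
    # The three example forms from this guide
    for sample in (
        ["147.161.143.104", "147.161.143.104", "147.161.143.105", "147.161.143.106"],
        ["147.161.143.104-147.161.143.107"],
        ["147.161.143.104/30"],
    ):
        print(review_submission(sample))
```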
Note that hacker groups like LulzSec don't specifically target an organisation. They tend to look for unprotected public IPs and see if they can compromise them; if they succeed, they then look at who the IP belongs to. So the bigger the range you give, the higher the chance you will attract unwanted attention.
Note: We do not accept IP addresses from banned countries as defined by our compliance policy.
We also check on our firewall whether IPs have been active within a 90 day period; any that have not been active in this time range are removed.
Once we have added your IPs to our firewall you will be able to test connectivity by browsing to https://sftp.confused.com/Web/Account/Login.htm.
It is possible your corporate proxy server may block your access to the domain sftp.confused.com, as your organisation may have a policy of only allowing you to access work-related websites and other work-related internet resources.
If you are prompted with a login screen we are ready for the next steps.
By default most network engineers will only leave ports 443 (HTTPS, i.e. secure web browsing and APIs) and port 80 (HTTP, unsecured web browsing) open. We will need your engineers to unblock port 22 (SFTP) on your systems.
If you are using a Windows system you can enable telnet in the Control Panel.
Note: You may need your help desk to either give you the access rights to install telnet or have them do it for you.
Once installed, run the following command.
Telnet sftp.confused.com 22
If the connection is successful you will get the following:
SSH-2.0-8.1.0.0_openssh GlobalSCAPE
If you get to this point, all connection issues have been resolved between you or your application, your network and our network.
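Where telnet cannot be installed, the same port 22 check can be scripted. This is an added example, not part of our tooling: it reads the server's identification line, parses it in the `SSH-protoversion-softwareversion comments` form defined by RFC 4253, and maps common connection errors to the layer to check first. The function names and the failure hints are assumptions for illustration; a hint is a likely cause, not proof.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
_BANNER = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_ssh_banner(raw):
    """Return proto/software/comments from the first SSH- line, or None."""
    for line in raw.decode("ascii", "replace").splitlines():
        m = _BANNER.match(line.strip())
        if m:
            return m.groupdict()
    return None


def explain_failure(exc):
    """Map a connection error to the layer to check first."""
    if isinstance(exc, socket.gaierror):
        return "dns: hostname did not resolve; check DNS or proxy policy"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: no reply; check port 22 egress and that your IP was submitted"
    if isinstance(exc, ConnectionRefusedError):
        return "refused: a device on the path actively rejected port 22"
    return f"other: {exc}"


def probe(host, port=22, timeout=10.0):
    """Connect, read the identification line, and report what was seen."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            raw = s.recv(255)  # the identification line is at most 255 bytes
    except OSError as exc:
        return {"ok": False, "detail": explain_failure(exc)}
    banner = parse_ssh_banner(raw)
    if banner is None:
        # Something answered, but not SSH: often an intercepting proxy
        return {"ok": False, "detail": "connected, but no SSH banner received"}
    return {"ok": True, "detail": banner}


if __name__ == "__main__":
    print(probe("sftp.confused.com", 22))
```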
Ask us for the accounts you need; we will create them and share the information via Keeper One Time Share. You can then use the SFTP client of your choice.
If you are still having issues with access, we constantly record successful and failed access at both the firewall and the server level. We can also test that your account is authorized and can upload/download files, so contact us if you have any issues.