Linux Disk Encryption

LUKS provides entire block device encryption and is well suited to protecting data on virtually any device type. The transparency to the operating system by using the crypto device mapper makes it a good fit for encrypting operating systems, database storage partitions and swap devices.

Is it right for me?

Each time another high-profile data breach hits the news, the question on everyone’s lips is why their data was not encrypted. Should the worst happen and your business suffer a successful cyber-attack, your data needs a last line of defence to render it useless to the attackers.

LUKS encrypts at the block level and is an obvious choice for laptops, phones and portable media, but is also well suited for protecting your data at rest on mission critical server infrastructure both physical and virtual.

At a minimal overhead, why not add that extra layer of protection? Protect your disk contents from malicious or accidental removal, and protect your brand reputation in those events.

The Bunker utilises LUKS, the standard and portable hard disk encryption solution, to keep your data even more safe and secure.

Why choose The Bunker?

Benefit from transparent encryption, fast retrieval of data, secure encryption algorithms, compliance, confidential data on disk, and a 90 day key rotation.

How Linux Disk Encryption works

First, we fill the disk with random data so that we don’t give away any clues should the disk fall into the wrong hands. The disk is then encrypted using LUKS tools, and each time the server is started a secure passphrase or pre-generated key is used to unlock the master key, which is then used to open the LUKS container.

The container is mapped through to the operating system via the device mapper crypt support, dm-crypt, and there you have it- a device that appears to be regular, as cryptographic operations are transparent to the filesytem via the Linux kernel. The default cipher for LUKS is aes-cbc-essiv:sha256, RedHat by default uses aes-xts-plain64:sha256.

Our Accreditations

  • ISO 27001
  • First
  • G-Cloud Accredited
  • ITIL Service Management
  • Microsoft Gold Partner
  • NHS IGSoC Approved
  • RIPE NCC Member
  • Tech UK
  • Veeam Gold Cloud & Service Provider Partner
  • PCI Participating organization
  • Dell EMC Gold Partner
  • Cyber Essentials Plus
  • AWS Select Consulting Partner