\item If you are using the recommended ports 9101, 9102, and 9103, you will
probably want to protect these ports from external access using a firewall
and/or using tcp wrappers ({\bf etc/hosts.allow}).
-\item Currently all data that is sent across the network is unencrypted. As a
- consequence, unless you use {\bf ssh} or {\bf stunnel} for port forwarding,
- it is not recommended to do a backup across an insecure network (e.g. the
- Internet). In a future version, we plan to have {\bf ssl} encryption
- built-in.
+\item By default, all data that is sent across the network is unencrypted.
+ However, Bacula does support TLS (transport layer security) and can
+ encrypt transmitted data. Please read the
+ \ilink{TLS (SSL) Communications Encryption}{CommEncryption}
+ section of this manual.
\item You should ensure that the Bacula working directories are readable and
writable only by the Bacula daemons.
\item If you are using {\bf MySQL} it is not necessary for it to run with