When you run iSCSI devices, the

ESXi

host does not open ports that listen for network connections. This measure reduces the chances that an intruder can break into the

ESXi

host through spare ports and gain control over the host. Therefore, running iSCSI does not present an additional security risks at the

ESXi

host end of the connection.

An iSCSI target device must have one or more open TCP ports to listen for iSCSI connections. If security vulnerabilities exist in the iSCSI device software, your data can be at risk through no fault of the

ESXi

system. To lower this risk, install all security patches that your storage equipment manufacturer provides and limit the devices connected to the iSCSI network.