Securing iSCSI Ports
You can improve the security of iSCSI ports by installing security patches and limiting the devices connected to the iSCSI network.
When you run iSCSI devices, the ESXi host does not open ports that listen for network connections. This measure reduces the chances that an intruder can break into the ESXi host through spare ports and gain control over the host. Therefore, running iSCSI does not present any additional security risks at the ESXi host end of the connection.
An iSCSI target device must have one or more open TCP ports to listen for iSCSI connections. If security vulnerabilities exist in the iSCSI device software, your data can be at risk through no fault of the ESXi system. To lower this risk, install all security patches that your storage equipment manufacturer provides and limit the devices connected to the iSCSI network.
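One way to check both points on a host, as an added example that is not part of the original page: the script parses text in the column layout of `esxcli network ip connection list` and reports any listener on the iSCSI port and any iSCSI session to a target that is not on an approved list. The sample rows, the addresses, the allow-list and the use of the registered iSCSI port 3260 are assumptions.

```python
# Added example: audit ESXi connection-table text for iSCSI exposure.
ISCSI_PORT = 3260  # IANA-registered iSCSI port (assumption: deployment uses it)

# Constructed sample in the column layout of `esxcli network ip connection list`.
# Addresses are documentation ranges; world names are made up.
SAMPLE = """\
Proto  Recv Q  Send Q  Local Address     Foreign Address     State        World ID  CC Algo  World Name
-----  ------  ------  ----------------  ------------------  -----------  --------  -------  ----------
tcp         0       0  192.0.2.10:51234  192.0.2.50:3260     ESTABLISHED   2098765  newreno  iscsi-world
tcp         0       0  192.0.2.10:51240  192.0.2.77:3260     ESTABLISHED   2098765  newreno  iscsi-world
tcp         0       0  0.0.0.0:443       0.0.0.0:0           LISTEN        2099001  newreno  web-world
tcp         0       0  192.0.2.10:22     198.51.100.4:50022  ESTABLISHED   2099500  newreno  ssh-world
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; port is None if not numeric."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None


def audit(text, allowed_targets, port=ISCSI_PORT):
    """Return (kind, endpoint) findings for the given connection table text."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header, separator, or a row without a TCP state column
        local, foreign, state = fields[3], fields[4], fields[5]
        _, local_port = split_endpoint(local)
        foreign_addr, foreign_port = split_endpoint(foreign)
        if state == "LISTEN":
            # The host end is expected to have no listener on the iSCSI port.
            if local_port == port:
                findings.append(("host-listening", local))
        elif foreign_port == port and foreign_addr not in allowed_targets:
            # Outbound session to a target outside the approved set.
            findings.append(("unapproved-target", foreign))
    return findings


if __name__ == "__main__":
    approved = {"192.0.2.50"}  # hypothetical allow-list of storage targets
    for kind, endpoint in audit(SAMPLE, approved):
        print(f"{kind}: {endpoint}")
```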