You can customize many of the essential security settings for your host through the Security Profile panel available in the
vSphere Web Client. The Security Profile is especially useful for single host management. If you are managing multiple hosts, consider using one of the CLIs or SDKs and automating the customization.
ESXi Firewall Configuration ESXi includes a firewall that is enabled by default.
Customizing ESXi Services from the Security Profile An ESXi host includes several services that are running by default. Other services, for example SSH, are included in the host's security profile. You can enable and disable those services as needed if company policy allows it.
Enable or Disable a Service in the Security Profile You can enable or disable one of the services listed in the Security Profile from the vSphere Web Client.
Lockdown Mode To increase the security of your ESXi hosts, you can put them in lockdown mode. In lockdown mode, operations must be performed through vCenter Server by default.
Check the Acceptance Levels of Hosts and VIBs To protect the integrity of the ESXi host, do not allow users to install unsigned (community-supported) VIBs. An unsigned VIB contains code that is not certified by, accepted by, or supported by VMware or its partners. Community-supported VIBs do not have a digital signature.