Naturally, iSCSI travels across the network. In their default form, the packets are easy to decode, so an attacker who intercepts them will have no problem extracting their contents. Unless steps are taken, an attacker can also pretend to be a host with legitimate access to the iSCSI target and read its contents that way. There are a few ways to protect iSCSI communications.
The best way to protect iSCSI traffic is to put it on dedicated physical network hardware that it shares with nothing else. With that precaution taken, there's usually nothing else necessary to lock down iSCSI communications. This has the additional benefit of reducing the amount of other network traffic that iSCSI traffic needs to contend with. Due to the way that switching works, this benefit is usually insignificant unless there are many hops.
The following diagram shows one architectural option to isolate iSCSI: