Loose cluster security config

I use elasticsearch 1.4 for 3 node cluster, and I have a basic cluster configuration:

discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ['node1', 'node2', 'node3']
http.cors.enabled: true
http.cors.allow-origin: '/.*/'

Is there a way to configure our cluster to be able to prohibit other applications from discovering our cluster, and create indices in our cluster. Maybe prohibit a specific index name like 'system_logs' to be created.

Thank you

A firewall or something like the Shield plugin would work.