Is there any kind of security for the Elastic application, not using X-Pack, so that not anyone can make a REST call or have any sort of connection to Elastic without needing using a proper id or login?
There's various alternatives to X-pack Security (e.g. you can set up your own reverse-proxy in front of things) but given that X-pack Security is now free it's not clear why you're looking for an alternative. Can you clarify?
Understood. I wasn't aware x-pack security was free. But, also I am using a version prior to 6.8.0.