The fix is simple: just ensure that the service is only listening for localhost connections.
Open up your *ESdirectory*/config/elasticsearch.yml and edit the lines below, uncommenting network.host and setting it to 127.0.0.1:
# network.host: 192.168.0.1
# http.port: 9200
Additionally, some IPTables rules can add another layer of security. Generally, if your IPTables rule set includes iptables -P INPUT DROP and you haven't opened your ElasticSearch port publicly via IPTables, you should likewise be safe. These specific rules can be added if required (alter the port if you have ElasticSearch bound to a different port).
iptables -A INPUT -p tcp -s localhost --dport 9200 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -j DROP
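To confirm the change took effect, the following added example (not part of the original post) reads the effective network.host value from elasticsearch.yml and lists any non-loopback addresses listening on the ElasticSearch port. The function names and the sample listener table are constructed for illustration; live use assumes `ss` is installed.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Print the effective network.host from an elasticsearch.yml, or "unset" when
# every network.host line is commented out (as in the lines shown above).
es_bind_setting() {
    awk '
        /^[ \t]*network\.host[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")     # drop the key
            sub(/[ \t]*(#.*)?$/, "")     # drop trailing comment and whitespace
            gsub(/"/, "")                # drop YAML double quotes
            val = $0
        }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Read `ss -ltn` style output on stdin and print every local address that is
# listening on the given port (default 9200) and is NOT a loopback address.
# No output means the port is reachable from localhost only.
es_exposed_listeners() {
    port="${1:-9200}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Everything before the last colon is the address (handles IPv6).
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr
        }'
}

# Constructed sample of `ss -ltn` output: 9200 is bound to loopback (IPv4 and
# IPv6) and also to all interfaces, which is the exposed case.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9200     0.0.0.0:*
LISTEN 0      128    [::1]:9200         [::]:*
LISTEN 0      128    0.0.0.0:9200       0.0.0.0:*
LISTEN 0      128    192.168.0.1:9300   0.0.0.0:*'

# Demo on the sample; on a live host run: ss -ltn | es_exposed_listeners 9200
printf '%s\n' "$SAMPLE_SS" | es_exposed_listeners 9200
```

An "unset" result from es_bind_setting means the file is not pinning the bind address, so the listener check is the one to trust.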
Anyone who has had ElasticSearch installed and configured by myself should have already had the network host set to 127.0.0.1 as part and parcel of the install process (I will usually have sent confirmation of my install settings, including this one, to you when the install was finished). However, if you wish me to check for you, just drop me a conversation with your relevant details.