Can anyone share any insights on how to secure the ootb services?  There are many web services supplied with the platform, and more with each vertical application and industry framework.  Many of these have 'requires authentication' set to false.  Is there any resource I can consult where I can understand the implications of removing each Service Package, or turning on authentication?  There are many 'gotchas' (such as WebSSO), and quite a few services at PMC on 8.4.1 that I have not seen previously.  The work of evaluating each one seems quite large.