Thanks Brian, it looks like I need to do some further investigation.
Unfortunately the previous dba has now left the company.
Being relatively new to the role myself, I need to learn more about Kerberos delegation......
I am rather worried about non-validated users having permission to read some db tables, and I can't think of what valid reasons there may be to allow this.
Presumably we have the guest user account 'if' we wanted general users to perform certain actions with the database.
Thus NT AUTHORITY\ANONYMOUS seems to be quite a security risk - though I appreciate I don't fully understand the purpose of the account, or implications of having it.
If you're able to direct me to any further reading on this topic, I would gratefully receive it :-)