More Info:

No EC2 security group should allow inbound traffic from RFC-1918 CIDRs in order to follow AWS security best practices.

Risk Level

Low

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

The following steps remediate the misconfiguration “Security Groups Should Not Allow Inbound Traffic From RFC 1918” for AWS using the AWS console:

  1. Log in to the AWS Management Console.
  2. Navigate to the EC2 service.
  3. Click on “Security Groups” from the left-hand menu.
  4. Select the security group that needs to be remediated.
  5. Click on the “Inbound Rules” tab.
  6. Identify the inbound rule(s) that allow traffic from RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16).
  7. Click on the “Edit” button for the rule that needs to be remediated.
  8. Change the “Source” field to a specific IP address or range that is allowed to access the resource(s) protected by the security group.
  9. Alternatively, change the “Source” field to “Custom” and enter an IP address or range that is not part of RFC 1918.
  10. Click on the “Save rules” button to apply the changes.

After following these steps, the security group will no longer allow inbound traffic from RFC 1918 addresses.
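A scripted version of step 6, added here as an example and not part of the page's own tooling: it walks a security group in the shape returned by boto3's describe_security_groups (the group below is constructed and its id is a placeholder) and lists inbound rules whose IPv4 source overlaps an RFC 1918 block, keeping the fields a later RevokeSecurityGroupIngress call needs. By default it also reports 0.0.0.0/0, which contains the private ranges; pass within_only=True to report only sources that lie entirely inside RFC 1918 space.

```python
import ipaddress

# The three RFC 1918 blocks named in step 6 of the remediation.
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def overlaps_rfc1918(cidr: str, within_only: bool = False) -> bool:
    """True if an IPv4 CIDR admits RFC 1918 sources.

    within_only=False: any overlap counts (so 0.0.0.0/0 is reported).
    within_only=True:  only CIDRs that sit entirely inside one RFC 1918 block.
    IPv6 and malformed strings are never reported."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False
    if net.version != 4:
        return False
    if within_only:
        return any(net.subnet_of(block) for block in RFC1918)
    return any(net.overlaps(block) for block in RFC1918)


def find_rfc1918_ingress(sg: dict, within_only: bool = False) -> list:
    """Return the offending inbound rules of one DescribeSecurityGroups-shaped
    group, each carrying the fields needed to revoke it later."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        for rng in perm.get("IpRanges", []):  # IPv4 sources only
            if overlaps_rfc1918(rng["CidrIp"], within_only):
                findings.append({
                    "GroupId": sg["GroupId"],
                    "IpProtocol": perm["IpProtocol"],
                    "FromPort": perm.get("FromPort"),  # absent for protocol "-1"
                    "ToPort": perm.get("ToPort"),
                    "CidrIp": rng["CidrIp"],
                })
    return findings


# Constructed sample mirroring boto3's describe_security_groups() output.
SAMPLE_SG = {
    "GroupId": "sg-PLACEHOLDER",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},          # RFC 1918: finding
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},      # public range: clean
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # overlap only
    ],
}

if __name__ == "__main__":
    for finding in find_rfc1918_ingress(SAMPLE_SG):
        print(finding)
```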

Additional Reading: