Configuration

Location:

Vendor:

Model:

Function:

BU:

IP Address:

MAC Address:

Controlling PC:

Printer:

<% Dim machineNumVal, vendorValM, modelValM, machineTypeVal, buVal ' Get values and default to N/A if empty machineNumVal = rs("machinenumber") & "" If machineNumVal = "" Then machineNumVal = "N/A" vendorValM = rs("vendor") & "" If vendorValM = "" Then vendorValM = "N/A" modelValM = rs("modelnumber") & "" If modelValM = "" Then modelValM = "N/A" machineTypeVal = rs("machinetype") & "" If machineTypeVal = "" Then machineTypeVal = "N/A" buVal = rs("businessunit") & "" If buVal = "" Then buVal = "N/A" %>

<% If machineNumVal <> "N/A" Then %> <%=Server.HTMLEncode(machineNumVal)%> <% Else Response.Write("N/A") End If %>

<%=Server.HTMLEncode(vendorValM)%>

<%=Server.HTMLEncode(modelValM)%>

<%=Server.HTMLEncode(machineTypeVal)%>

<%=Server.HTMLEncode(buVal)%>

<% ' Get primary communication (IP and MAC) from communications table Dim rsPrimaryCom, strPrimaryComSQL, primaryIP, primaryMAC strPrimaryComSQL = "SELECT address, macaddress FROM communications WHERE machineid = ? AND isprimary = 1 AND isactive = 1 LIMIT 1" Set rsPrimaryCom = ExecuteParameterizedQuery(objConn, strPrimaryComSQL, Array(machineid)) If Not rsPrimaryCom.EOF Then primaryIP = rsPrimaryCom("address") & "" primaryMAC = rsPrimaryCom("macaddress") & "" Else ' Try to get first active communication if no primary set rsPrimaryCom.Close strPrimaryComSQL = "SELECT address, macaddress FROM communications WHERE machineid = ? AND isactive = 1 ORDER BY comid LIMIT 1" Set rsPrimaryCom = ExecuteParameterizedQuery(objConn, strPrimaryComSQL, Array(machineid)) If Not rsPrimaryCom.EOF Then primaryIP = rsPrimaryCom("address") & "" primaryMAC = rsPrimaryCom("macaddress") & "" Else primaryIP = "" primaryMAC = "" End If End If rsPrimaryCom.Close Set rsPrimaryCom = Nothing ' Display IP Address If primaryIP <> "" Then Response.Write("

" & Server.HTMLEncode(primaryIP) & "

") Else Response.Write("

N/A

") End If ' Display MAC Address If primaryMAC <> "" Then Response.Write("

" & Server.HTMLEncode(primaryMAC) & "

") Else Response.Write("

N/A

") End If ' Get controlling PC from relationships Dim rsControlPC, strControlPCSQL, controlPCHostname, controlPCID strControlPCSQL = "SELECT m.machineid, m.hostname, m.machinenumber FROM machinerelationships mr " & _ "JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _ "JOIN machines m ON mr.machineid = m.machineid " & _ "WHERE mr.related_machineid = ? AND rt.relationshiptype = 'Controls' AND mr.isactive = 1 LIMIT 1" Set rsControlPC = ExecuteParameterizedQuery(objConn, strControlPCSQL, Array(machineid)) If Not rsControlPC.EOF Then controlPCHostname = rsControlPC("hostname") & "" controlPCID = rsControlPC("machineid") If controlPCHostname = "" Then controlPCHostname = rsControlPC("machinenumber") & "" Response.Write("

" & Server.HTMLEncode(controlPCHostname) & "

") Else Response.Write("

N/A

") End If rsControlPC.Close Set rsControlPC = Nothing ' SECURITY: HTML encode printer data to prevent XSS ' Printer data - check if exists (LEFT JOIN may return NULL) If Not IsNull(rs("printerid")) And rs("printerid") <> "" Then Dim printerNameVal printerNameVal = rs("printerwindowsname") & "" If printerNameVal = "" Then printerNameVal = "Printer #" & rs("printerid") Response.Write("

" & Server.HTMLEncode(printerNameVal) & "

") Else Response.Write("

N/A

") End If %>

Network Communications

<% ' Query communications for this machine strSQL2 = "SELECT c.*, ct.typename FROM communications c " & _ "JOIN comstypes ct ON c.comstypeid = ct.comstypeid " & _ "WHERE c.machineid = ? AND c.isactive = 1 ORDER BY c.isprimary DESC, c.comid ASC" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim ipAddr, macAddr, ifaceName, isPrimary, statusBadge ipAddr = rs2("address") & "" macAddr = rs2("macaddress") & "" ifaceName = rs2("interfacename") & "" isPrimary = rs2("isprimary") If ipAddr = "" Then ipAddr = "N/A" If macAddr = "" Then macAddr = "N/A" If ifaceName = "" Then ifaceName = "N/A" If isPrimary Then statusBadge = "Primary" Else statusBadge = "" End If Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>

Type	IP Address	MAC Address	Interface	Primary	Status
No network communications configured
" & Server.HTMLEncode(rs2("typename") & "") & "	" & ipAddr & "	" & macAddr & "	" & ifaceName & "	" & statusBadge & "	Active

Machine Relationships

Controlled By PC

<% ' Query PCs that control this machine (directly or via dualpath) ' First check for direct control, if none then check via dualpath partner ' Use GROUP_CONCAT to combine multiple IPs into one row per PC strSQL2 = "SELECT m.machineid, m.machinenumber, m.hostname, GROUP_CONCAT(DISTINCT c.address ORDER BY c.address SEPARATOR ', ') as address, 'Controls' as relationshiptype " & _ "FROM machinerelationships mr " & _ "JOIN machines m ON mr.related_machineid = m.machineid " & _ "LEFT JOIN communications c ON m.machineid = c.machineid AND c.comstypeid IN (1, 3) AND c.isactive = 1 " & _ "WHERE mr.machineid = ? AND mr.relationshiptypeid = 3 AND m.pctypeid IS NOT NULL AND mr.isactive = 1 " & _ "GROUP BY m.machineid, m.machinenumber, m.hostname " & _ "UNION " & _ "SELECT m.machineid, m.machinenumber, m.hostname, GROUP_CONCAT(DISTINCT c.address ORDER BY c.address SEPARATOR ', ') as address, 'Controls (via Dualpath)' as relationshiptype " & _ "FROM machinerelationships mr_dual " & _ "JOIN machinerelationships mr_control ON mr_dual.related_machineid = mr_control.machineid " & _ "JOIN machines m ON mr_control.related_machineid = m.machineid " & _ "LEFT JOIN communications c ON m.machineid = c.machineid AND c.comstypeid IN (1, 3) AND c.isactive = 1 " & _ "WHERE mr_dual.machineid = ? AND mr_dual.relationshiptypeid = 1 " & _ " AND mr_control.relationshiptypeid = 3 AND m.pctypeid IS NOT NULL " & _ " AND mr_dual.isactive = 1 AND mr_control.isactive = 1 " & _ " AND NOT EXISTS (SELECT 1 FROM machinerelationships mr_direct WHERE mr_direct.machineid = mr_dual.machineid AND mr_direct.relationshiptypeid = 3 AND mr_direct.isactive = 1) " & _ "GROUP BY m.machineid, m.machinenumber, m.hostname" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid, machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim pcHostname, pcIP, pcMachineID pcHostname = rs2("hostname") & "" pcIP = rs2("address") & "" pcMachineID = rs2("machineid") If pcHostname = "" Then pcHostname = rs2("machinenumber") & "" If pcIP = "" Then pcIP = "N/A" Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>

PC Hostname	IP Address	Relationship
No controlling PC assigned
" & Server.HTMLEncode(pcHostname) & "	" & pcIP & "	" & Server.HTMLEncode(rs2("relationshiptype") & "") & "

Machines Controlled by This Machine

<% ' Query other machines related to this one (excluding Controls which is shown in "Controlled By PC" section) ' This shows relationships like Cluster Member, Backup For, Master-Slave, etc. strSQL2 = "SELECT m.machineid, m.machinenumber, mt.machinetype, mo.modelnumber, rt.relationshiptype " & _ "FROM machinerelationships mr " & _ "JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _ "JOIN machines m ON mr.related_machineid = m.machineid " & _ "LEFT JOIN models mo ON m.modelnumberid = mo.modelnumberid " & _ "LEFT JOIN machinetypes mt ON m.machinetypeid = mt.machinetypeid " & _ "WHERE mr.machineid = ? AND rt.relationshiptype NOT IN ('Controls', 'Dualpath', 'Connected To') AND mr.isactive = 1" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim ctrlMachineNum, ctrlType, ctrlModel, ctrlMachineID ctrlMachineNum = rs2("machinenumber") & "" ctrlType = rs2("machinetype") & "" ctrlModel = rs2("modelnumber") & "" ctrlMachineID = rs2("machineid") If ctrlType = "" Then ctrlType = "N/A" If ctrlModel = "" Then ctrlModel = "N/A" Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>

Machine Number	Type	Model	Relationship
This machine does not control any other machines
" & Server.HTMLEncode(ctrlMachineNum) & "	" & ctrlType & "	" & ctrlModel & "	" & Server.HTMLEncode(rs2("relationshiptype") & "") & "

Dualpath / Redundant Machines

<% ' Query dualpath relationships strSQL2 = "SELECT m.machineid, m.machinenumber, mt.machinetype, mo.modelnumber, rt.relationshiptype " & _ "FROM machinerelationships mr " & _ "JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _ "JOIN machines m ON mr.related_machineid = m.machineid " & _ "LEFT JOIN models mo ON m.modelnumberid = mo.modelnumberid " & _ "LEFT JOIN machinetypes mt ON m.machinetypeid = mt.machinetypeid " & _ "WHERE mr.machineid = ? AND rt.relationshiptype = 'Dualpath' AND mr.isactive = 1" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim dualMachineNum, dualType, dualModel, dualMachineID dualMachineNum = rs2("machinenumber") & "" dualType = rs2("machinetype") & "" dualModel = rs2("modelnumber") & "" dualMachineID = rs2("machineid") If dualType = "" Then dualType = "N/A" If dualModel = "" Then dualModel = "N/A" Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>

Machine Number	Type	Model	Relationship
No dualpath relationships
" & Server.HTMLEncode(dualMachineNum) & "	" & dualType & "	" & dualModel & "	" & Server.HTMLEncode(rs2("relationshiptype") & "") & "

Network Connections

<% ' Query devices this machine is connected to (e.g., Camera -> IDF) strSQL2 = "SELECT m.machineid, m.machinenumber, m.alias, mt.machinetype, rt.relationshiptype " & _ "FROM machinerelationships mr " & _ "JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _ "LEFT JOIN machines m ON mr.related_machineid = m.machineid " & _ "LEFT JOIN machinetypes mt ON m.machinetypeid = mt.machinetypeid " & _ "WHERE mr.machineid = ? AND rt.relationshiptype = 'Connected To' AND mr.isactive = 1" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If Not rs2.EOF Then While Not rs2.EOF Dim connAlias, connType connAlias = "" : If Not IsNull(rs2("alias")) Then connAlias = rs2("alias") & "" connType = "" : If Not IsNull(rs2("machinetype")) Then connType = rs2("machinetype") & "" Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Wend Else Response.Write("") End If rs2.Close ' Query devices connected to this machine (e.g., IDF -> Cameras) strSQL2 = "SELECT m.machineid, m.machinenumber, m.alias, mt.machinetype, rt.relationshiptype " & _ "FROM machinerelationships mr " & _ "JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _ "LEFT JOIN machines m ON mr.machineid = m.machineid " & _ "LEFT JOIN machinetypes mt ON m.machinetypeid = mt.machinetypeid " & _ "WHERE mr.related_machineid = ? AND rt.relationshiptype = 'Connected To' AND mr.isactive = 1" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If Not rs2.EOF Then While Not rs2.EOF Dim connToAlias, connToType connToAlias = "" : If Not IsNull(rs2("alias")) Then connToAlias = rs2("alias") & "" connToType = "" : If Not IsNull(rs2("machinetype")) Then connToType = rs2("machinetype") & "" Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Wend End If rs2.Close Set rs2 = Nothing %>

Machine #	Name/Description	Type	Relationship
" & Server.HTMLEncode(rs2("machinenumber") & "") & "	" & Server.HTMLEncode(connAlias) & "	" & Server.HTMLEncode(connType) & "	" & Server.HTMLEncode(rs2("relationshiptype") & "") & "
No network connections
" & Server.HTMLEncode(rs2("machinenumber") & "") & "	" & Server.HTMLEncode(connToAlias) & "	" & Server.HTMLEncode(connToType) & "	Connected From

Compliance & Security

<% ' Query compliance data strSQL2 = "SELECT * FROM compliance WHERE machineid = ?" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If Not rs2.EOF Then %>

Third Party Managed:

Third Party Manager:

OT Asset System:

DoD Asset Device Type:

Compliant:

<% Dim thirdPartyManaged, thirdPartyManager, otAssetSystem, dodAssetDeviceType, isCompliant thirdPartyManaged = rs2("isthirdpartymanaged") & "" thirdPartyManager = rs2("thirdpartymanager") & "" otAssetSystem = rs2("otenvironment") & "" dodAssetDeviceType = rs2("dodassettype") & "" isCompliant = rs2("ischangerestricted") & "" ' Third party managed badge Dim tpmBadge If thirdPartyManaged = "Y" Then tpmBadge = "Yes" ElseIf thirdPartyManaged = "N" Then tpmBadge = "No" Else tpmBadge = "N/A" End If %>

<%=tpmBadge%>

<%=Server.HTMLEncode(thirdPartyManager)%>

<%=Server.HTMLEncode(otAssetSystem)%>

<%=Server.HTMLEncode(dodAssetDeviceType)%>

<% If isCompliant = "Y" Then Response.Write("Yes") ElseIf isCompliant = "N" Then Response.Write("No") Else Response.Write("Not Assessed") End If %>

Security Scans

<% rs2.Close Set rs2 = Nothing ' Query security scans strSQL2 = "SELECT * FROM compliancescans WHERE machineid = ? ORDER BY scan_date DESC LIMIT 10" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim scanName, scanDate, scanResult, scanDetails, resultBadge scanName = rs2("scan_name") & "" scanDate = rs2("scan_date") & "" scanResult = rs2("scan_result") & "" scanDetails = rs2("scan_details") & "" If scanName = "" Then scanName = "Security Scan" If scanDetails = "" Then scanDetails = "No details" ' Result badge Select Case LCase(scanResult) Case "pass" resultBadge = "Pass" Case "fail" resultBadge = "Fail" Case "warning" resultBadge = "Warning" Case Else resultBadge = "Info" End Select Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>

Scan Name	Date	Result	Details
No security scans recorded
" & Server.HTMLEncode(scanName) & "	" & Server.HTMLEncode(scanDate) & "	" & resultBadge & "	" & scanDetails & "

<% Else Response.Write("

No compliance data available for this machine.

") rs2.Close Set rs2 = Nothing End If %>

<% '============================================================================= ' SECURITY: Use parameterized query for installed applications '============================================================================= strSQL2 = "SELECT * FROM installedapps, applications WHERE installedapps.appid = applications.appid AND installedapps.isactive = 1 AND installedapps.machineid = ? ORDER BY appname ASC" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) Do While Not rs2.EOF Response.Write("") rs2.MoveNext Loop rs2.Close Set rs2 = Nothing %>

" & Server.HTMLEncode(rs2("appname") & "") & "

<%=Server.HTMLEncode(rs("machinenumber") & "")%>

<%=Server.HTMLEncode(rs("vendor") & "")%>

<%=Server.HTMLEncode(rs("machinetype") & "")%>

Configuration

Network Communications

Machine Relationships

Controlled By PC

Machines Controlled by This Machine

Dualpath / Redundant Machines

Network Connections

Compliance & Security

Security Scans