DPPM Blog Entry No. 1

My experiences with the new online enrolment system of the University of Southeastern Philippines (USEP) have been wonderful. No more long lines, no transportation cost, no food cost, adding subjects in your free time and having them evaluated on the next working day, and fast processing: all of these are advantageous to me as a working professional, as a student and as a father.

The websites portal.usep.edu.ph and oes.usep.edu.ph have the IP addresses 104.26.6.126, 104.26.7.126 and 172.67.69.70. Checking these addresses tells me that they belong to Cloudflare, which is situated at 101 Townsend Street, San Francisco, California, United States, postal code 94107, and this is the address from which the return traffic from the server is coming. This organization has the public IP allocations 104.16.0.0/12 and 172.64.0.0/13, as provided by the Internet Assigned Numbers Authority (IANA), a crucial global body that maintains public IP allocation across the globe. Upon verifying the communication using Wireshark, I also noticed that these portals make API calls to “api.usep.edu.ph”, which happens to have the same IP addresses that the portal and OES use. This API call is related to the database; it gives the website access to the database in which the grades and credentials are stored. The real server IP is masked and protected by a service availed from Cloudflare, which protects it from unwanted and garbage traffic and from denial-of-service attacks. This system design is excellent.

I also noticed that the website is already using TLS 1.3, which indicates that the line of communication to these servers is secured. Both the portal and OES use the same certificate, which will expire this coming Friday, March 6, 2026, at 2:51:51 AM PH time. You can easily view this by clicking the icon on the left of the URL, and I think the Information Technology department of USEP knows that they need to renew the certificate; if not, the communication towards these servers will not be secured and will be an attack surface for black hat hackers. Once access is gained, data can be exploited and perhaps sold on the black market. The security of these portals is okay to me once the certificate is renewed.
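The two checks described above can be automated. The following is an added example, not part of the original post or of any USEP system: it confirms that every observed address sits inside the quoted Cloudflare ranges (an address outside them would suggest the origin is reachable directly) and classifies the certificate by time left before the stated expiry. The function names and the 30-day warning threshold are assumptions.

```python
import ipaddress
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Values quoted in the post: proxy ranges, observed addresses, stated expiry.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("104.16.0.0/12", "172.64.0.0/13")]
OBSERVED_IPS = ["104.26.6.126", "104.26.7.126", "172.67.69.70"]
PH_TZ = timezone(timedelta(hours=8))  # Philippine time is UTC+8
STATED_EXPIRY = datetime(2026, 3, 6, 2, 51, 51, tzinfo=PH_TZ)


def outside_ranges(ips, ranges=PROXY_RANGES):
    """Return addresses not covered by the proxy ranges (possible origin exposure)."""
    return [ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in ranges)]


def expiry_status(not_after, now, warn_days=30):
    """Return (status, whole days left); both datetimes must be timezone-aware."""
    remaining = not_after - now
    if remaining <= timedelta(0):
        return "expired", remaining.days
    if remaining <= timedelta(days=warn_days):  # assumed renewal window
        return "renew-soon", remaining.days
    return "ok", remaining.days


def fetch_not_after(host, port=443, timeout=5):
    """Live check (needs network): notAfter of the certificate the host serves.

    Verification is left on, so an already expired certificate raises
    ssl.SSLCertVerificationError, which is itself the alert condition.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            not_after = tls.getpeercert()["notAfter"]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)


if __name__ == "__main__":
    # Offline run on the post's values; the "now" values are constructed.
    print("outside proxy ranges:", outside_ranges(OBSERVED_IPS))
    for now in (datetime(2026, 1, 14, tzinfo=timezone.utc),
                datetime(2026, 2, 20, tzinfo=timezone.utc),
                datetime(2026, 3, 5, 19, 0, tzinfo=timezone.utc)):
        print(now.date(), expiry_status(STATED_EXPIRY, now))
```

Run from a scheduler, `fetch_not_after` can feed `expiry_status` for each hostname so that a renewal reminder fires before the browser warning does.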

The speed and compute resources depend on how far the client is from the server; that is physics. You can check the latency from a source location to a destination location using this URL: https://wondernetwork.com/pings. Also, if you check the submarine fiber-optic cables using https://www.submarinecablemap.com/landing-point/davao-philippines for Mindanao, specifically the Davao region, the island of Mindanao has no submarine cable going to Visayas and Luzon; it has connections only to Malaysia, Indonesia and Guam, and Guam has a connection to the United States. The current USEP portals are hosted in the United States, including the database, as I presume based on the Wireshark capture I got. Last week, January 7, I experienced the student and OES portals responding too slowly. You can only log in to the site; however, the problem I saw is related to the backend part, where the portal communicates with the databases via API calls. The USEP IT team can avail more resources from the service provider to increase capacity at the beginning of enrollment. If the service provider cannot increase the resources, perhaps we can look into the services that cloud providers can give. Considering lower price and lower latency, and not considering the carbon footprint, we can use this tool, https://cloud.withgoogle.com/region-picker, to suggest the regions where we can efficiently put the web and database services. In this example, the tool suggested the regions Taiwan, Republic of China “asia-east1”; Singapore “asia-southeast1”; Delhi, India “asia-south2”; Osaka, Japan “asia-northeast2”; and finally Seoul, South Korea “asia-northeast3”. One good thing about cloud services is that they are easy to scale up, and cost depends on usage. You can avail higher resources at the beginning of enrollment week and scale them down after enrollment. That is a good thing about cloud compared to an on-premises data center, where you have to consider the bare-metal servers, the operating system and the IT professionals who will maintain those services.

There are a lot of recommendations and improvements that we can make in the Information Technology space of this university, but they are costly. However, I suggest we begin with social engineering attacks, by educating people not to click on any email that arrives in the university email and asks you to click something. That button will redirect you to the attacker’s URL, from which it will download a script that runs on your machine without your knowing it. What happens next depends: possibly the attacker will just do reconnaissance, sneaking around on your machine, scanning your network and possibly identifying a server that can be used for a full-scale attack. It is also possible that the attacker will encrypt everything on your machine, including all your data. Imagine this happening on the registrar’s machine, assuming all records are already on the server: the attacker will negotiate with USEP to pay a certain amount of money so that the attacker will unlock the machine. This type of attack is called ransomware. We do not have that high a budget, but we can start with ourselves and educate others not to click unwanted emails.

Any digital representation we have on earth has vulnerabilities that can be exploited by bad people or, as we call them in the cybersecurity space, black hat hackers. We humans are not perfect; machines are created by humans, so a machine is not perfect either.

The UI/UX of the student and OES portals is okay to me. No need for improvement here.

Integrating payment gateways into the OES system, accepting eWallets like Paymaya and Maribank and major credit cards (VISA/Mastercard), will definitely benefit the university cashier. Currently, this is not integrated. You have to use the Landbank of the Philippines portal to pay for services and tuition fees. Once paid, you have to email the university cashier to tell them that you have already paid before they tag you as officially enrolled. Once the payment gateway is integrated into the enrollment system, all of us will benefit and the workload of the people in the finance team will be eased; imagine not needing to check emails for payments. I wish this feature will be added, perhaps 5 years from now.

That’s all that I can say about the enrolment system of the university, and I hope our government can allocate more budget to improve the university’s Information Technology space.
