This question was asked during the webcast, An Introduction to High Performance Computing: Parallel Computing Issues. The presenter, Tom Lehmann, is the Advanced Projects Manager for the Enterprise Systems Group training organization at Intel. Here is Tom's answer to the question.
It depends. Many of the applications that we've seen are totally inside of a commercial company, and the way that the cluster is designed, it has one head node and a lot of compute nodes. The compute nodes are not on the network of the building. They only are a private network that is connected to the master node. So it's possible to put a lot of security on the master node and basically keep unwanted users out of the cluster altogether. Under those circumstances -- it's called the paranoid approach towards clusters -- you've got plenty of security, or at least as much as you've got for any single resource. I have seen other clusters where essentially all of the compute nodes were on an outside network and people could get to them as they saw fit, in which case you have to trust the users not to accidentally down one of your compute nodes, because there might be more than one user on it.