Hello Thanks a lot for the answers!
Due to the fact that I am running my ZooKeeper servers and clients on Amazon EC2 instances, using the ec2 Security Groups might be the best choice.
Nevertheless, I have a question concerning the authentification on the znode level. How is it possible to prevent clients creating node on the root level? Is it also possible to set an ACL on the root (although the root is not created by a client)?