I would try to experiment with editing web.config in cms\admin\ folder:
put there something like
<system.webServer>
<security>
<ipSecurity allowUnlisted="false"> <!-- this line blocks everybody, except those listed below -->
<clear/> <!-- removes all upstream restrictions -->
<add ipAddress="127.0.0.1" allowed="true"/> <!-- allow requests from the local machine -->
</ipSecurity>
</security>
</system.webServer>
P.S. Do it in a test environment :)