As Andrey properly pointed out, Sitefinity backend has been secured to satisfy this purpose, you cannot access the backend if you do not provide valid login credentials, and you can go a step further and exclude the frontend users from the BackendUsers role, which will automatically notify them that they do not have sufficient rights to browse the site backend. FIf you decide this type of security does not satisfy your requirements, maybe it'll be possible to configure IP block in IIS for the /Sitefinity folder, and allow/deny certain IPs to access it.
I'm afraid hosting the frontend and backend on different servers would not be possible as they both share configuration resources that need to be accessible for both. If there's anything else we can help you with, please do not hesitate to let us know.
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking
system and vote to affect the priority of the items