What is the router model?
Are we talking about one of those broadband routers/firewalls/WAPs?
Firstly disable wireless if not using it.
If using wireless enable encryption (Radius server if available) and lock down MAC addresses.
For wiredconnections, simple way is to disable DHCP and go with static IPs. Change router default internal gateway IP so that not one of standard ones (192.168.1.1, etc). That way people would have harder time to guess the range and the gateway if they were configuring static on their computer.
Of course there are always ways around this, if they have physical access to the router itself.