Don't leave unprotected, unattended root logins in insecure areas.
Don't give root access to people unnecessarily, and as much as possible keep the number of people with root access to a minimum. There are often other mechanisms (groups, the sudo utility) to provide specific privilege so you don't have to give access to all the powers of root.
Only grant trust to other systems when absolutely necessary, and limit the trust relationship as much as feasible.
Disable unnecessary setuid-root programs (often programs are made setuid root when they would be run only by root users anyway).
Mount filesystems with the "nosuid" option when they don't need to contain setuid binaries.
Don't run unnecessary network services.
There are some limited (but not perfect) protections for buffer overruns and related exploits: