Setuid Programs

Programs which run as root have complete access to a UNIX system.

This is the point of failure on all standard UNIX machines. Virtually every attack is ultimately about gaining root access on a machine; once this is achieved an intruder can do literally anything with your system.

Setuid programs are programs which, when run by a normal user, execute with the effective user id of the file's owner rather than that of the user who ran them. For setuid-root programs that owner is root (uid 0), so the program performs its tasks with full root privilege.

This is useful for programs like passwd which allow a normal user to modify their password. However, every setuid-root program is code that runs as root on input supplied by an unprivileged user, so setuid programs are a major source of security holes. In order to protect yourself, the first thing you should do is run the following command

find / -perm -4000 -print | mail root

This will find all setuid programs on your system (-perm -2000 finds setgid programs the same way, and adding -user root restricts the list to setuid-root files). Now go through this list and determine what you actually need to be setuid root. An example list is..

eject
login
passwd
ps
rcp
rlogin
su
uptime
w
ufsdump
ping

Now that you've found the list you need to decide which programs actually need the suid bit. Remove it from all the others (chmod u-s on each).

So lets examine these programs.

eject - ejects a disk from the drive. Is anyone who isn't root using your drive? If not, get rid of the suid bit.

login - This one needs it to set itself up for a user

passwd - Allows a user to change their own password. It needs the suid bit to write the password file, which only root may modify, so leave it on unless users are never to change their own passwords.

ps - nope. Ditch the suid bit. On systems where ps is setuid so that it can read other users' process information, normal users may afterwards see only their own processes; check that this is acceptable.

rcp, rlogin, etc - If you want people to use the r-commands then the suid bit must remain: the r-commands need to bind to a privileged port, which requires uid 0. But the r-commands trust the remote host's word for who the user is, and security does not come from laziness. Ditch the suid bits.

su - If you want people to su, then leave it on. At the very least restrict it to a certain group: make the binary group-owned by an administrative group and mode 4750, so only members of that group can execute it.

uptime - Nope. Ditch the suid bit.

w - Allows a user to see who is logged on. Ditch the suid bit; it still works.

ufsdump - Unless you want a non-root user doing backups, get rid of the suid bit.

ping - Needs the suid bit only to open a raw socket. Unless you really want users to use this, get rid of the suid bit.
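The whole procedure above (inventory the setuid files, keep only the ones you have decided on, strip the bit from the rest, and lock su down to one group) as a script. This is an added example written for this page, not code from the original article or from ACM@UIUC; the function names, the allow-list format and the example group name "wheel" are assumptions, and the usage lines at the end must be run as root to have any effect on a real system.

```sh
#!/bin/sh
# Added example, not from the original page: inventory setuid binaries,
# strip the bit from everything not on an allow-list, and restrict a
# remaining setuid program (such as su) to one administrative group.

# Print every regular file under $1 with the setuid bit set, one per
# line. -xdev keeps find on one filesystem so NFS mounts and /proc are
# not scanned; add "-user root" to see only setuid-root files.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# Exit status 0 if $1 currently has its setuid bit set.
has_setuid() {
    [ -u "$1" ]
}

# Remove the setuid bit from every setuid file under $1 whose basename
# is not in $2 (a space-separated allow-list such as "login passwd su").
strip_setuid_except() {
    root=$1
    keep=$2
    list_setuid "$root" | while IFS= read -r f; do
        base=$(basename "$f")
        case " $keep " in
            *" $base "*) ;;            # allow-listed: leave it alone
            *) chmod u-s "$f" ;;       # everything else loses the bit
        esac
    done
}

# Keep $1 setuid but make it executable only by members of group $2:
# owner rwx with setuid, group r-x, others nothing (mode 4750).
restrict_setuid_to_group() {
    chgrp "$2" "$1" && chmod 4750 "$1"
}

# Permission string of $1 as ls prints it, e.g. -rwsr-x---
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Usage on a live system (run as root; "wheel" is an assumed group name):
#   list_setuid / | mail root
#   strip_setuid_except / "login passwd su"
#   restrict_setuid_to_group /bin/su wheel
```

Run list_setuid first and read the output before calling strip_setuid_except; the allow-list is matched on the basename only, so a setuid file that merely shares a name with an allowed program is kept too, which is why the inventory step is not optional.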
