A secure-by-design framework for automotive on-board network risk analysis

S Longari, A Cannizzo, M Carminati… - 2019 IEEE Vehicular …, 2019 - ieeexplore.ieee.org
2019 IEEE Vehicular Networking Conference (VNC), 2019 - ieeexplore.ieee.org
Vehicles have evolved from isolated and mechanical systems into complex ecosystems of on-board networks, composed of Electronic Control Units (ECUs), sensors and actuators, which govern their functionalities. These networks have been traditionally designed as trusted, closed systems, but modern needs have opened them to remote and local connections. Researchers have shown that modern vehicles are vulnerable to multiple types of attacks leveraging remote and physical access, which allow attackers to gain control and affect safety-critical systems. Therefore, the interest of manufacturers in embedding security into the design phase of new vehicles is rising. In this paper, we propose a semi-automated and topology-based risk analysis framework that helps in designing and assessing the security of automotive on-board networks. The tool receives the network topology as input and evaluates its security using state-of-the-art risk metrics. Then, it provides the analyst with security-hardened network topologies, as a countermeasure against the most dangerous attacks. We evaluate our approach on known topologies and demonstrate its effectiveness.